Published:2013/07/17  Last Updated:2013/07/17

JVN#68663052
Oracle Outside In vulnerable to denial-of-service (DoS)

Overview

Oracle Outside In contains a denial-of-service (DoS) vulnerability.

Products Affected

  • Oracle Outside In version 8.4.1 and earlier

Description

Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a denial-of-service (DoS) vulnerability.

Impact

When Oracle Outside In processes a specially crafted Hangul Word Processor file, the process may hang.

Solution

Apply an update
Update to the latest version according to the information provided by the developer.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Takahiro Haruyama of Internet Initiative Japan Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2013-3776
JVN iPedia JVNDB-2013-000071