CVE-2016-8386 in Argus

Summary

An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool uses a size taken from the font to search through a linked list of buffers for one to return. Due to a signedness issue, a buffer smaller than the requested size is returned. Later, when the tool tries to populate this buffer, the overflow occurs, which can lead to code execution in the context of the user running the tool.

Reservation

09/29/2016

Disclosure

02/27/2017

CPE

ready

CVSS

7.5

EPSS

0.00333

Activities

Very Low
