CVE-2016-8385 - An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exi

CVE-2016-8385

Summary

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool.

References

Vulnerable Configurations

cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*
cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-12-2022 - 21:17)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	96472
misc	http://www.talosintelligence.com/reports/TALOS-2016-0210/

Last major update

13-12-2022 - 21:17

Published

27-02-2017 - 21:59

Last modified

13-12-2022 - 21:17