CVE-2016-8387 - An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malfo

CVE-2016-8387

Summary

An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.

References

http://www.talosintelligence.com/reports/TALOS-2016-0212/
http://www.securityfocus.com/bid/96468

Vulnerable Configurations

cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*
cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-12-2022 - 21:18)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	96468
misc	http://www.talosintelligence.com/reports/TALOS-2016-0212/

Last major update

13-12-2022 - 21:18

Published

27-02-2017 - 21:59

Last modified

13-12-2022 - 21:18