CVE-2016-8388 HIGH

CVE-2016-8388

Vendor Iceni
Product Argus
Published February 28, 2017
Last update August 6, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.

Key dates

02Disclosure timeline

February 28, 2017 CVE published
August 6, 2024 Record updated