Description
An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.
References (2)
Core References
Broken Link, Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/96472
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc)
http://www.talosintelligence.com/reports/TALOS-2016-0213/
Scores
CVSS v3: 7.8
EPSS: 0.0013
EPSS Percentile: 31.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-125
Status: published
Products (2)
iceni/argus: 6.6.04
Iceni/Argus: 6.6.04 (Sep 7 2012) NK
Published: Feb 28, 2017
Tracked Since: Feb 18, 2026