CVE-2016-8385 (argus)

CVE-2016-8385 (argus)

An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool.

Source: CVE-2016-8385 (argus)

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다