Arbitrary Heap-Overwrite Vulnerability in Iceni Argus during PDF to XML Conversion

Arbitrary Heap-Overwrite Vulnerability in Iceni Argus during PDF to XML Conversion

CVE-2016-8388 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.

Learn more about our Web Application Penetration Testing UK.