Iceni Argus におけるヒープベースのバッファオーバーフローの脆弱性
| Title |
Iceni Argus におけるヒープベースのバッファオーバーフローの脆弱性
|
| Summary |
Iceni Argus には、PDF を XML へ変換する際、ヒープベースのバッファオーバーフローの脆弱性が存在します。
|
| Possible impacts |
不正な形式のフォントを含む PDF を介して、ツールを実行しているユーザのコンテキストでコードを実行される可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
Oct. 10, 2016, midnight |
| Registration Date |
March 17, 2017, 4:47 p.m. |
| Last Update |
March 17, 2017, 4:47 p.m. |
|
CVSS3.0 : 重要
|
| Score |
7.8
|
| Vector |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
CVSS2.0 : 危険
|
| Score |
9.3
|
| Vector |
AV:N/AC:M/Au:N/C:C/I:C/A:C |
Affected System
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2017年03月17日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2016-8386
| Summary |
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool.
|
| Publication Date |
Feb. 28, 2017, 6:59 a.m. |
| Registration Date |
Jan. 26, 2021, 2:18 p.m. |
| Last Update |
Nov. 21, 2024, 11:59 a.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List