CVE-2016-8385

Name of the Vulnerable Software and Affected Versions Iceni Argus (affected versions not specified)

Description The issue is related to an uninitialized variable vulnerability that leads to a stack-based buffer overflow. This occurs when Iceni Argus attempts to convert a malformed PDF to XML, resulting in a stack variable being left uninitialized. The uninitialized variable is later used to fetch a length for a copy operation, which can allow an aggressor to write outside the bounds of a stack buffer used to contain colors. This can lead to code execution under the context of the account running the tool.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.