Strix
26.1K

CVE-2016-8388

HIGHCVSS 7.8/10EPSS 1.87%

Last modified

CVE-2016-8388 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.. EPSS estimates a 1.87% chance of exploitation in the next 30 days.

Description

An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability
1.87%

76.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IceniArgus6.6.04

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-8388?
An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.
How severe is CVE-2016-8388?
CVE-2016-8388 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 1.87% probability of exploitation in the next 30 days.
How do I fix CVE-2016-8388?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-8388?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST