10 matches found
CVE-2016-8335
CVE-2016-8335 is an exploitable stack-based buffer overflow in Iceni Argus IPNameAdd(), triggered by unvalidated source strings copied via strcpy before length checks. Affects Iceni Argus 6.6.04 (Linux x64) and 6.6.04 (Windows x64). The vulnerability stems from a 255-byte destination buffer (dest...
CVE-2016-8387
CVE-2016-8387 describes a heap-based buffer overflow in Iceni Argus during PDF to HTML conversion when decoding objects with multiple encodings ending in LZW. The overflow arises from missing bounds checking in the LZW decoder (ipLZWFeedCreate/ipLZWFeedRead paths), potentially enabling code execu...
CVE-2016-8389
CVE-2016-8389 affects Iceni Argus and is an exploitable integer-overflow vulnerability discovered in 2016. The issue occurs during PDF-to-XML conversion when text is converted to polygons and rasterized, leading to writes outside allocated buffers and potential code execution. Technical details f...
CVE-2016-8385
CVE-2016-8385 affects Iceni Argus and is described across multiple sources (e.g., TALOS report) as an uninitialized variable vulnerability that causes a stack-based buffer overflow when converting malformed PDFs to XML. The root cause involves an uninitialized stack variable used to determine a c...
CVE-2016-8386
CVE-2016-8386 affects Iceni Argus with a heap-based buffer overflow in the PDF-to-XML/font processing flow. Root cause: a signedness bug in icnBufferAlloc can allocate an undersized buffer, which is then used by GetTables/GetTables+ipDataFeedRead to read data and can overflow the memory, potentia...
CVE-2016-8715
Iceni Argus CVE-2016-8715 affects Argus 6.6.05. The root cause is a heap corruption in loadTrailer where the PDF Size field from the trailer is used to allocate memory (icnChainAlloc) and then memset-ing 24*v166 bytes. If Size is negative (e.g., -1 or large unsigned interpretations), icnChainAllo...
CVE-2017-2777
The vulnerability CVE-2017-2777 affects Iceni Argus 6.6.05. A heap overflow/heap corruption flaw in ipStringCreate can be triggered by processing specially crafted PDF content, enabling remote code execution. The root cause is an integer overflow in the allocation size (size + 11) when building a...
CVE-2011-3332
The CVE-2011-3332 entry refers to a stack-based buffer overflow in Iceni Argus (6.20 and earlier) and Infix (5.04) that can be triggered by a crafted flate-compressed PDF, allowing remote code execution. Affected components: Iceni Argus library (PDF handling) and Iceni Infix; impact is remote cod...
CVE-2016-8388
Iceni Argus contains a heap-overwrite vulnerability in its PDF-to-XML conversion path. Specifically, during glyph-map handling, an index trusted from a font object can be used to write a font name pointer into an out-of-bounds location, enabling memory corruption and potential code execution. Rep...
CVE-2016-8333
Summary (CVE-2016-8333): Iceni Argus 6.6.04 contains a stack-based buffer overflow in ipfSetColourStroke. The function copies ICNChain->len elements from the opStack into a local dstArray[9], but ICNChain->len can be 12, causing a overflow and potentially arbitrary code execution. The overf...