These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-8715 describes a heap corruption vulnerability in Iceni Argus 6.6.05's loadTrailer functionality. According to the supplied NVD data, the issue is rated HIGH (CVSS 7.8) and can be triggered by a specially crafted PDF file, with the potential for arbitrary code execution after user interaction.
CVE-2016-8389 is a high-severity integer-overflow vulnerability in Iceni Argus 6.6.04. When Argus processes a malformed PDF during PDF-to-XML conversion, it can mis-handle font-to-polygon rasterization and write outside the bounds of an internal buffer. The issue was publicly recorded by CVE/NVD on 2017-02-28 and remains relevant for any environment that opens untrusted PDFs with the affected software.
CVE-2016-8388 is a high-severity vulnerability in Iceni Argus. When the product converts a malformed PDF to XML, it can trust an attacker-influenced index from a font object and use it to write a font name into an object array, resulting in an arbitrary heap overwrite. The published CVSS score is 7.8, and the NVD vector indicates local access with user interaction required.
CVE-2016-8387 describes a heap-based buffer overflow in Iceni Argus while converting malformed PDF content. According to NVD, the issue is triggered when an object encoded with multiple encoding types ends with an LZW-encoded type, and the overflow stems from missing bounds checking in the LZW decoder. The impact is rated High, with the potential for code execution under the context of the user running th [truncated]
CVE-2016-8386 describes a high-severity heap-based buffer overflow in Iceni Argus 6.6.04. When Argus converts a PDF containing a malformed font to XML, a signedness issue can cause it to return a buffer smaller than the requested size. The subsequent write into that buffer can overflow heap memory and may lead to code execution in the context of the user running the tool. The CVE was published on 2017-02-27.
CVE-2016-8385 is a HIGH-severity memory corruption issue in Iceni Argus. When the tool converts a malformed PDF to XML, an uninitialized stack variable can later be used as a length for a copy operation, which may write past the bounds of a stack buffer used for color data. The result can be code execution in the context of the account running the tool.