admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-83xx/CVE-2016-8389.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

137 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-8389",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2017-02-28T15:59:00.220",
"lastModified": "2022-12-13T21:31:29.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad explotable de desbordamiento de entero en Iceni Argus. Cuando trata de convertir un PDF mal formado a XML, intentar\u00e1 convertir cada car\u00e1cter de una fuente en un pol\u00edgono y despu\u00e9s intentar\u00e1 rasterizar estas formas. A medida que la aplicaci\u00f3n intenta iterar a trav\u00e9s de las filas e inicializar la forma del pol\u00edgono en el b\u00fafer, escribir\u00e1 fuera de los l\u00edmites de dicho b\u00fafer. Esto puede conducir a ejecuci\u00f3n de c\u00f3digo bajo el contexto de la cuenta que lo ejecuta."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "15F3CAC5-64D7-4FFF-B180-E4F271E488DA"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/96469",
"source": "talos-cna@cisco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0214/",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink