The Cisco Talos research team has spotted multiple remote code execution vulnerabilities in the Iceni Argus PDF content extraction product.
The flaws could allow an attacker to gain full control over a user’s device and affects the MarkLogic product which uses Iceni Argus for PDF document conversion as part of their web-based document search and rendering, according to a Feb. 27 blog post.
The vulnerabilities include several heap-based buffer overflow bugs, a stack based buffer overflow bug, an integer based overflow bug, heap overwrite bugs, and heap corruption bugs spread among six CVE vulnerabilities.
One of the vulnerabilities, CVE-2016-8385, occurs when a user tries to convert a malicious PDF to XML that uses malformed colors. The flaw ultimately leaves an uninitialized pointer leading to a stack based buffer overflow later on which could then lead to code execution under the context of the local user.
Iceni has since released a patch for the vulnerabilities and researchers recommend users update to the latest version as soon as possible.