CVE-2016-8387
CVE-2016-8387 is a high-severity vulnerability in Iceni Argus with a CVSS 3.x base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-787.
Key facts
- Severity: High (CVSS 3.x base score 7.8)
- CVSS v2: 9.3
- EPSS exploit prediction: 2% (81st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-787
- Affected product: Iceni Argus
- Published:
- Last modified:
Description
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.
Frequently asked questions
- What is CVE-2016-8387?
- An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.
- How severe is CVE-2016-8387?
- CVE-2016-8387 has a CVSS 3.x base score of 7.8, rated high severity. It is exploitable over local access with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2016-8387 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (81st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2016-8387?
- CVE-2016-8387 affects Iceni Argus. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2016-8387?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2016-8387 published?
- CVE-2016-8387 was published on 2017-02-27 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*
More vulnerabilities in Iceni Argus
- CVE-2011-3332 — Critical (CVSS 10.0): Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary…
- CVE-2017-2777 — High (CVSS 8.8): An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A…
- CVE-2016-8335 — High (CVSS 8.8): An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version…
- CVE-2016-8333 — High (CVSS 8.8): An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus…
- CVE-2016-8715 — High (CVSS 7.8): An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A…
- CVE-2016-8389 — High (CVSS 7.8): An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to…
All CVEs affecting Iceni Argus →
Other CWE-787 (Out-of-bounds Write) vulnerabilities
- CVE-2026-42369 — Critical (CVSS 10.0): GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other…
- CVE-2026-4746 — Critical (CVSS 10.0): Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src modules). This vulnerability is…
- CVE-2025-43300 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS…
- CVE-2025-24201 — Critical (CVSS 10.0): An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in…
- CVE-2024-42479 — Critical (CVSS 10.0): llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause…
- CVE-2024-39791 — Critical (CVSS 10.0): Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge…