Talos discovers and responsibly discloses software vulnerabilities on a regular basis. This blog will cover the technical aspects including discovery and exploitation process via the Argus PDF converter. MarkLogic uses this converter each time XDMP API “pdf-convert” is used. In a previous post Talos took a deep dive into Lexmark Perceptive Document Filters, in this post we are going to focus on another converter used by Marklogic located in `Converters/cvtpdf` folder. The vulnerability is a classic stack based buffer overflow, which can lead to arbitrary code execution.”]
Source: https://blog.talosintelligence.com/2017/09/deep-dive-marklogic-exploitation.html