Lucene search
K

54 matches found

Cvelist
Cvelist
added 2019/10/09 8:40 p.m.23 views

CVE-2019-5053

An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability...

7.5CVSS7.6AI score0.01331EPSS
Exploits1References1
CVE
CVE
added 2019/10/09 8:40 p.m.88 views

CVE-2019-5053

CVE-2019-5053 maps to a NitroPDF use-after-free in the Length parsing function, causing type confusion when parsing the Length field in PDFs. Talos advisories (TALOS-2019-0830) describe an exploitable use-after-free in NitroPDF 12.12.1.522 with the /Length value (or a reference to it) leading to ...

7.8CVSS7.5AI score0.01331EPSS
Exploits1References1Affected Software1
Talos Blog
Talos Blog
added 2019/10/09 7:30 a.m.97 views

Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF

Cory Duplantis and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines. There are two versions of the product...

6.8CVSS1.2AI score0.02562EPSS
Exploits6
Talos
Talos
added 2019/10/09 12:0 a.m.98 views

NitroPDF ICCBased Color Space Remote Code Execution Vulnerability

Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...

8.8CVSS8.5AI score0.02282EPSS
Exploits1
Symantec
Symantec
added 2019/10/09 12:0 a.m.30 views

Nitro Software NitroPDF Multiple Remote Code Execution and Memory Corruption Vulnerabilities

Description Nitro Software NitroPDF is prone to multiple remote code-execution vulnerabilities and a memory-corruption vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause...

0.7AI score
Exploits0References1Affected Software1
Talos
Talos
added 2019/10/09 12:0 a.m.105 views

NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability

Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...

8.8CVSS8.6AI score0.02282EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.105 views

NitroPDF CharProcs Remote Code Execution Vulnerability

Summary An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF 12.2.1.52...

7.8CVSS7.6AI score0.01331EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.102 views

NitroPDF Page Kids Remote Code Execution Vulnerability

Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...

8.8CVSS8.4AI score0.02562EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.99 views

NitroPDF Stream Length Memory Corruption Vulnerability

Summary An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF...

7.8CVSS7.9AI score0.01331EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.102 views

NitroPDF jpeg2000 yTsiz Remote Code Execution Vulnerability

Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...

8.8CVSS8.6AI score0.02282EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2018/01/06 9:23 p.m.9 views

store.nitropdf.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-494124 Description| Value ---|--- Affected Website:| store.nitropdf.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on I...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/01/04 7:51 p.m.11 views

nitropdf-s.cleverbridge.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-485299 Description| Value ---|--- Affected Website:| nitropdf-s.cleverbridge.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/01/04 7:1 p.m.15 views

nitropdf-cgn.cleverbridge.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-485173 Description| Value ---|--- Affected Website:| nitropdf-cgn.cleverbridge.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2013/03/15 12:0 a.m.28 views

Nitro Pro 8.0.3.1 - Crash (PoC)

!C:\Python27\python.exe Exploit Title: Nitro Pro 8.0.3.1 - DoS Date: 2012-10-07 Exploit Author: John Cobb Author Homepage: www.NoBytes.com Vendor Homepage: www.nitropdf.com Version: 8.0.3.1 Tested on: Win7 64bit CVE : None When the Object Index exceeds 10 characters the app crashes: !exploitable...

7.4AI score
Exploits0
Rows per page
Query Builder