54 matches found
CVE-2019-5053
An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability...
CVE-2019-5053
CVE-2019-5053 maps to a NitroPDF use-after-free in the Length parsing function, causing type confusion when parsing the Length field in PDFs. Talos advisories (TALOS-2019-0830) describe an exploitable use-after-free in NitroPDF 12.12.1.522 with the /Length value (or a reference to it) leading to ...
Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF
Cory Duplantis and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines. There are two versions of the product...
NitroPDF ICCBased Color Space Remote Code Execution Vulnerability
Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...
Nitro Software NitroPDF Multiple Remote Code Execution and Memory Corruption Vulnerabilities
Description Nitro Software NitroPDF is prone to multiple remote code-execution vulnerabilities and a memory-corruption vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause...
NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability
Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...
NitroPDF CharProcs Remote Code Execution Vulnerability
Summary An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF 12.2.1.52...
NitroPDF Page Kids Remote Code Execution Vulnerability
Summary A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Tested Versions NitroPD...
NitroPDF Stream Length Memory Corruption Vulnerability
Summary An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability. Tested Versions NitroPDF...
NitroPDF jpeg2000 yTsiz Remote Code Execution Vulnerability
Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...
store.nitropdf.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-494124 Description| Value ---|--- Affected Website:| store.nitropdf.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on I...
nitropdf-s.cleverbridge.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-485299 Description| Value ---|--- Affected Website:| nitropdf-s.cleverbridge.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure...
nitropdf-cgn.cleverbridge.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-485173 Description| Value ---|--- Affected Website:| nitropdf-cgn.cleverbridge.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure...
Nitro Pro 8.0.3.1 - Crash (PoC)
!C:\Python27\python.exe Exploit Title: Nitro Pro 8.0.3.1 - DoS Date: 2012-10-07 Exploit Author: John Cobb Author Homepage: www.NoBytes.com Vendor Homepage: www.nitropdf.com Version: 8.0.3.1 Tested on: Win7 64bit CVE : None When the Object Index exceeds 10 characters the app crashes: !exploitable...