2 matches found
CVE-2019-5046
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the...
CVE-2019-5046
CVE-2019-5046 affects NitroPDF 12.12.1.522. Cisco Talos details a remote code execution via a specially crafted jpeg2000 embedded in a PDF, triggering a heap corruption during Nitro PDF parsing. The root cause is an integer overflow in memory sizing for jpeg2000 decoding (xSiz/yTsiz), which leads...