CVE-2018-18688

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

CVE-2018-18689

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected...

CVE-2018-18689

CVE-2018-18689 describes a Signature Wrapping issue in PDF signature validation caused by missing guidance in the PDF spec, allowing attackers to manipulate /ByteRange and xref without detection. The vulnerability affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4, as ...

CVE-2018-18688

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

CVE-2019-19817

The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content...

Nitro Pro and Nitro Reader Arbitrary Code Execution Vulnerability (CNVD-2018-06312)

Nitro Pro/Nitro Reader are both products of the U.S. Nitro Pro is a PDF production and management software.Nitro Reader is a PDF solution. Nitro Pro 7.5.0.22 and earlier versions and Nitro Reader 2.5.0.36 and earlier versions of a security vulnerability. A remote attacker can exploit this...

Nitro Pro and Nitro Reader Arbitrary Code Execution Vulnerabilities

Nitro Pro/Nitro Reader are both products of the U.S. Nitro Pro is a PDF production and management software.Nitro Reader is a PDF solution. Nitro Pro 7.5.0.29 and earlier versions and Nitro Reader 2.5.0.45 and earlier versions of a security vulnerability. A remote attacker can exploit this...

Code injection

Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file...

CVE-2013-3552

Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file...

Code injection

Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file...

CVE-2013-3553

CVE-2013-3553 affects Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier. The root cause is an issue in memory handling when parsing specially crafted PDF files, allowing remote code execution. Successful exploitation could grant the attacker the same user rights as the current ...

CVE-2013-3552

Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file...

Nitro Reader <= 2.5.0.45 Memory Corruption

The version of Nitro Reader installed on the remote Windows host is less than or equal to 2.5.0.45 and is, therefore, reportedly affected by a memory corruption vulnerability when parsing specially crafted PDF files. C Tenable network Security, Inc. include"compat.inc"; if description...

Nitro Reader Installed

Nitro Reader, a PDF reader, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66764; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/10"; scriptnameenglish:"Nitro Reader Installed";...

Heap Corruption in Nitro Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Nitro Pro version 7.5.0.22 and earlier versions and Nitro Reader version 2.5.0.36 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated...

Memory Corruption in Nitro Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Nitro Pro version 7.5.0.29 and earlier versions and Nitro Reader version 2.5.0.45 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated...