21 matches found
EUVD-2020-27266
Malware in sbrugna...
CVE-2020-6115
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the...
Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF
A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. Nitro Pro PDF is part of Nitro Software’s... This i...
Nitro software data breach: Hackers claim selling customer data
By Waqas. Nitro Software Inc’s data breach may affect industry bigwigs like Apple, Google, and Microsoft. This is a post from HackRead.com.
CVE-2020-6116
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors...
CVE-2020-6113
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for...
CVE-2020-6115
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the...
Remote code execution
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors...
Cross site scripting
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the...
CVE-2020-6113
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for...
CVE-2020-6113
Nitro Pro (Nitro Pro 13.13.2.242; affected builds per TALOS include 13.16.2.300) contains an exploitable vulnerability in object stream parsing during cross-reference table updates. The root cause is an integer overflow when computing memory size for the list of indirect objects, which can a...
CVE-2020-6112
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...
CVE-2020-6112
Summary: CVE-2020-6112 is a memory corruption/remote code execution risk in Nitro Pro’s JPEG2000 Stripe Decoding (JPXDecode) path. The root cause is a miscalculation of a pointer while decoding sub-samples in a tile, enabling writes out of bounds to a buffer allocated for stripe decoding. This ca...
Nitro Pro PDF Object Stream Parsing Number of Objects Remote Code Execution Vulnerability
Summary An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate...
Nitro Software Nitro Pro Code Execution Vulnerability
Nitro Software Nitro Pro is a PDF document editor from the U.S. company Nitro Software. The software supports PDF document editing, PDF document formatting, encryption of PDF documents and other functions. In the way Nitro Software Nitro Pro version 13.9.1.155 parses Pattern objects, there is...
CVE-2019-19315
NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot...
Nitro Software PDF Reader Null Pointer Dereference Vulnerability
Nitro Software PDF Reader is a suite of PDF document editors from Nitro Software, Inc. The product is mainly used to create, edit, view and convert PDF documents. Nitro Software PDF Reader 12.0.0.112 in the npdf.dll in the JBIG2Globals inventory in the...
Nitro Software PDF Reader Buffer Error Vulnerability
Nitro Software PDF Reader is a suite of PDF document editors from Nitro Software, Inc. The product is mainly used to create, edit, view and convert PDF documents. A buffer error vulnerability exists in Nitro Software PDF Reader version 12.0.0.112. The vulnerability arises when a networked system ...
Nitro Software NitroPDF Remote Code Execution Vulnerability
Nitro Software NitroPDF is software for viewing and editing PDF files from Nitro Software, USA. A remote code execution vulnerability exists in Nitro Software NitroPDF version 12.12.1.522, which can be exploited to execute arbitrary code by means of specially crafted PDF files...
Nitro Software NitroPDF Resource Management Error Vulnerability (CNVD-2019-34907)
Nitro Software NitroPDF is software for viewing and editing PDF files from Nitro Software, USA. A resource management error vulnerability exists in Nitro Software NitroPDF. An attacker can exploit this vulnerability to achieve remote code execution via specially crafted PDFs...