7 matches found
CVE-2016-8709
CVE-2016-8709 (Nitro Pro) is a remote memory corruption flaw in Nitro Pro 10’s PDF parsing, caused by an out-of-bounds write in the npdf.dll path. Exploitation requires a crafted PDF file and can result in memory corruption or code execution, as detailed in Talos’ Nitro Pro PDF Handling Code Exec...
CVE-2016-8713
CVE-2016-8713 corresponds to a memory-corruption vulnerability in Nitro Pro 10.5.9.9. Public analyses describe a remote or local memory corruption due to an out-of-bounds write in Nitro Pro’s PDF parsing path. The vulnerability centers on code in the npdf.dll module handling PDF content (e.g., op...
CVE-2016-8711
Nitro Pro 10 is affected by a remote code execution vulnerability in its PDF parsing functionality. The flaw is reported in the npdf.dll path (Nitro Pro’s PDF handling), where a crafted PDF can trigger code execution. Public writeups (Talos/Nitro) describe a memory-related condition inside CxImag...
CVE-2025-67825
CVE-2025-67825 affects Nitro PDF Pro for Windows prior to 14.42.0.34. The issue arises when signer information is taken from a non-verified PDF field instead of the verified certificate subject, allowing a document to display inconsistent signer details. The root cause is tied to the display logi...
CVE-2025-66769
A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows an attacker to cause a Denial of Service via a crafted XFA packet. Affected product: Nitro PDF Pro for Windows; vulnerability type: NULL pointer dereference in XFA handling; impact: DoS (availability impact high). No exploi...
CVE-2025-69627
CVE-2025-69627 : Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free in the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. The freed m...
CVE-2025-69624
Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference in the JavaScript app.alert() implementation. When called with more than one argument and the first is null (e.g., app.alert(app.activeDocs, true) with activeDocs null), the engine routes to a fallback path for non-string arg...