Lucene search
K
GonitroNitro Pro

18 matches found

CVE
CVE
added 2020/05/18 4:13 p.m.111 views

CVE-2020-6074

Nitro Pro 13.9.1.155’s PDF parser is affected by a use-after-free in nested pages processing that can lead to heap corruption and potentially remote code execution. The vulnerability arises during PDF parsing when allocating per-page buffers, with a path that frees a page object but does not clea...

8.8CVSS9AI score0.40879EPSS
CVE
CVE
added 2020/05/18 4:14 p.m.108 views

CVE-2020-6092

Nitro Pro 13.9.1.155 is affected by a code execution vulnerability tied to parsing of /Pattern objects in PDFs. The underlying issue is an integer overflow in the handling of the Pattern bounding box (/BBox), which can be triggered by crafted PDF patterns and may lead to arbitrary code execution....

8.8CVSS7.9AI score0.42268EPSS
CVE
CVE
added 2017/08/03 8:0 a.m.100 views

CVE-2017-7442

Summary (CVE-2017-7442) : Nitro Pro PDF Reader (version 11.0.3.173) is affected by a remote code execution vulnerability triggered via the Javascript API (saveAs and launchURL) that uses directory traversal sequences. Connected advisories describe a remote exploitation vector: convincing a user t...

8.8CVSS9AI score0.40692EPSS
CVE
CVE
added 2020/05/18 4:17 p.m.94 views

CVE-2020-6093

Nitro Pro 13.9.1.155 suffers an information-disclosure vulnerability in its XML error handling during PDF processing. A crafted PDF can trigger uninitialized memory access via NitroPDF’s Javascript error handling pathway (Spidermonkey integration), exposing sensitive heap data. Public writeups (T...

6.5CVSS5AI score0.0265EPSS
CVE
CVE
added 2020/03/08 9:46 p.m.90 views

CVE-2020-10222

Nitro Pro’s npdf.dll (versions before 13.13.2.242) is affected by a heap memory corruption vulnerability triggered by a crafted PDF, at npdf!nitro::get_property+2381. Public sources describe the issue as a heap corruption flaw in Nitro Pro’s PDF handling; CVE-2020-10222 carries a high impact with...

8.1CVSS7.8AI score0.02425EPSS
CVE
CVE
added 2020/03/08 9:46 p.m.84 views

CVE-2020-10223

Summary: CVE-2020-10223 affects Nitro Pro’s npdf.dll. The vulnerability is a JBIG2Decode CNxJBIG2DecodeStream heap corruption triggered by a crafted PDF document, impacting versions prior to Nitro Pro 13.13.2.242. The precise vulnerable component is NPDF code path npdf!CAPPDAnnotHandlerUtils::cre...

8.1CVSS7.8AI score0.02425EPSS
CVE
CVE
added 2021/01/07 5:38 p.m.80 views

CVE-2018-18688

The CVE-2018-18688 entry describes a signature-validation bypass in PDF processing that arises because the PDF specification lacks concrete validation procedures for incremental savings. Affected products include Foxit Reader (pre-9.4), Foxit PhantomPDF (pre-8.3.9 and pre-9.4 for 9.x), and other ...

5.3CVSS5.8AI score0.01133EPSS
CVE
CVE
added 2021/01/07 5:59 p.m.74 views

CVE-2018-18689

CVE-2018-18689 describes a Signature Wrapping issue in PDF signature validation caused by missing guidance in the PDF spec, allowing attackers to manipulate /ByteRange and xref without detection. The vulnerability affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4, as ...

5.3CVSS5.7AI score0.03688EPSS
CVE
CVE
added 2019/11/21 2:7 p.m.65 views

CVE-2019-18958

Nitro Pro before 13.2 is affected. The issue arises when a PDF is produced by OCR on the JPEG output of a scanner, causing Nitro Pro to write a debug.log in the same directory as the PDF. Reportedly, if this debug.log is later edited and then executed, it can pose a security risk. Connected docum...

7.8CVSS7.6AI score0.00547EPSS
CVE
CVE
added 2020/09/16 6:48 p.m.65 views

CVE-2020-6146

Nitro Pro 13.13.2.242 and 13.16.2.300 contain a heap-based buffer overflow in ICCBased color space stroke rendering. During page drawing, the code reads a length from the file and uses it as a loop sentinel to write into a static 0x248-byte buffer, allowing an attacker to overflow the heap when t...

8.8CVSS8.7AI score0.78475EPSS
CVE
CVE
added 2021/10/18 12:45 p.m.65 views

CVE-2021-21797

CVE-2021-21797 is a double-free vulnerability in Nitro Pro PDF’s JavaScript runtime (TimeOutObject) that can enable code execution when a specially crafted document is opened. The Red Hat advisory and Talos writeups confirm exploitation via Nitro Pro PDF’s embedded JavaScript, describing a double...

8.8CVSS7.6AI score0.15046EPSS
CVE
CVE
added 2017/07/07 11:0 a.m.63 views

CVE-2017-7950

CVE-2017-7950 affects Nitro Pro 11.0.3 and earlier. A crafted PCX file can cause an application crash (DoS) when Nitro Pro processes the file. Multiple sources (NVD/NV exploits) corroborate the DoS vector; some OpenVAS entries note related vulnerabilities in Nitro Pro. The public documents do not...

5.5CVSS5.3AI score0.0249EPSS
CVE
CVE
added 2021/10/18 12:42 p.m.60 views

CVE-2021-21796

CVE-2021-21796 is an exploitable use-after-free in the Nitro Pro PDF JavaScript implementation. A specially crafted Nitro Pro PDF document can cause a destroyed object (local_file_path) to be reused, enabling code execution under the application context. The vulnerability chain involves: (1) app....

8.8CVSS7.7AI score0.15777EPSS
CVE
CVE
added 2020/09/17 12:23 p.m.57 views

CVE-2020-6113

Nitro Pro ( Nitro Pro 13.13.2.242; and affected builds per TALOS include 13.16.2.300) contains an exploitable vulnerability in object stream parsing during cross-reference table updates. The root cause is an integer overflow when computing memory size for the list of indirect objects, which can a...

8.8CVSS8.1AI score0.6862EPSS
CVE
CVE
added 2020/09/17 12:18 p.m.55 views

CVE-2020-6116

Nitro Pro 13.13.2.242 is affected by an Indexed ColorSpace rendering vulnerability (CVE-2020-6116). The root cause is an integer overflow when computing the indexed palette size for colors in an Indexed colorspace, leading to an undersized malloc and a heap-based buffer overflow during palette po...

8.8CVSS8.1AI score0.28424EPSS
CVE
CVE
added 2020/09/17 12:23 p.m.51 views

CVE-2020-6112

Summary: CVE-2020-6112 is a memory corruption/remote code execution risk in Nitro Pro’s JPEG2000 Stripe Decoding (JPXDecode) path. The root cause is a miscalculation of a pointer while decoding sub-samples in a tile, enabling writes out of bounds to a buffer allocated for stripe decoding. This ca...

8.8CVSS7.9AI score0.17093EPSS
CVE
CVE
added 2020/09/17 12:19 p.m.51 views

CVE-2020-6115

Nitro CVE-2020-6115 affects Nitro Pro (notably 13.13.2.242 and 13.16.2.300). The root cause is a use-after-free triggered by a cross-reference (xref) table repair when a crafted PDF omits an object referenced by a trailer-controlled xref. During parsing, Nitro may resize the cross-reference table...

8.8CVSS7.6AI score0.02731EPSS
CVE
CVE
added 2021/09/15 1:19 p.m.50 views

CVE-2021-21798

CVE-2021-21798 affects Nitro Pro PDF through its JavaScript engine (np_java_script.dll/js32u.dll). A stack variable address return in the Document JavaScript bindings (notably Document.flattenPages) can cause a use-after-free on a JSStackFrame when an exception is raised, allowing code execution ...

8.8CVSS7.6AI score0.16102EPSS