Lucene search
K
GonitroNitropdf

8 matches found

CVE
CVE
added 2019/12/16 8:7 p.m.122 views

CVE-2019-19819

The CVE-2019-19819 issue affects Nitro Free PDF Reader 12.0.0.112, specifically the JBIG2Globals library (npdf.dll). A NULL Pointer Dereference in CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec can be triggered by crafted Unicode content, potentially causing a crash or denial of servic...

5.5CVSS5.5AI score0.01011EPSS
CVE
CVE
added 2019/10/09 8:55 p.m.90 views

CVE-2019-5046

CVE-2019-5046 affects NitroPDF 12.12.1.522. Cisco Talos details a remote code execution via a specially crafted jpeg2000 embedded in a PDF, triggering a heap corruption during Nitro PDF parsing. The root cause is an integer overflow in memory sizing for jpeg2000 decoding (xSiz/yTsiz), which leads...

8.8CVSS7.9AI score0.02282EPSS
CVE
CVE
added 2019/10/09 8:40 p.m.88 views

CVE-2019-5053

CVE-2019-5053 maps to a NitroPDF use-after-free in the Length parsing function, causing type confusion when parsing the Length field in PDFs. Talos advisories (TALOS-2019-0830) describe an exploitable use-after-free in NitroPDF 12.12.1.522 with the /Length value (or a reference to it) leading to ...

7.8CVSS7.5AI score0.01331EPSS
CVE
CVE
added 2019/10/09 8:40 p.m.87 views

CVE-2019-5045

CVE-2019-5045 affects NitroPDF 12.12.1.522. A crafted jpeg2000 embedded in a PDF can trigger a heap corruption during parsing, due to an under- or mis-sized allocation in the siz/sizDepth handling, potentially allowing arbitrary code execution. Cisco Talos details a heap-based overflow in the pdf...

8.8CVSS7.9AI score0.02282EPSS
CVE
CVE
added 2019/10/09 8:40 p.m.84 views

CVE-2019-5047

The vulnerability CVE-2019-5047 affects NitroPDF, specifically the CharProcs parsing path, where a crafted PDF can trigger a type confusion leading to a Use After Free. Talos advisories (TALOS-2019-0816) document an exploitable Use After Free in NitroPDF’s CharProcs parsing, with NitroPDF 12.12.1...

7.8CVSS7.5AI score0.01331EPSS
CVE
CVE
added 2019/10/09 8:55 p.m.82 views

CVE-2019-5048

CVE-2019-5048 is a NitroPDF 12.12.1.522 heap corruption remote code execution vulnerability in the ICCBased color space parsing of PDFs. A crafted PDF can trigger an out-of-bounds write during color space handling, leading to arbitrary code execution when the document is opened. Cisco Talos descr...

8.8CVSS7.9AI score0.02282EPSS
CVE
CVE
added 2019/10/09 8:55 p.m.82 views

CVE-2019-5050

CVE-2019-5050 : The NitroPDF 12.12.1.522 product contains a heap corruption vulnerability in the PDF parsing path that can lead to arbitrary code execution when a specially crafted PDF is opened. Talos/Cisco advisories (TALOS-2019-0819, TALOS-2019-0814, etc.) describe a parser confusion/heap-base...

8.8CVSS7.9AI score0.02562EPSS
CVE
CVE
added 2020/01/14 2:25 p.m.49 views

CVE-2013-2773

Nitro Pro / Nitro PDF Toolkit vulnerability CVE-2013-2773 is documented with concrete details: Nitro Pro 8.5.0.26 and older are affected by an insecure library loading (DLL hijacking) issue. The root cause is insecure DLL loading, enabling arbitrary code execution when a user opens a specially cr...

7.8CVSS7.7AI score0.00415EPSS