8 matches found
CVE-2019-19819
The CVE-2019-19819 issue affects Nitro Free PDF Reader 12.0.0.112, specifically the JBIG2Globals library (npdf.dll). A NULL Pointer Dereference in CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec can be triggered by crafted Unicode content, potentially causing a crash or denial of servic...
CVE-2019-5046
CVE-2019-5046 affects NitroPDF 12.12.1.522. Cisco Talos details a remote code execution via a specially crafted jpeg2000 embedded in a PDF, triggering a heap corruption during Nitro PDF parsing. The root cause is an integer overflow in memory sizing for jpeg2000 decoding (xSiz/yTsiz), which leads...
CVE-2019-5053
CVE-2019-5053 maps to a NitroPDF use-after-free in the Length parsing function, causing type confusion when parsing the Length field in PDFs. Talos advisories (TALOS-2019-0830) describe an exploitable use-after-free in NitroPDF 12.12.1.522 with the /Length value (or a reference to it) leading to ...
CVE-2019-5045
CVE-2019-5045 affects NitroPDF 12.12.1.522. A crafted jpeg2000 embedded in a PDF can trigger a heap corruption during parsing, due to an under- or mis-sized allocation in the siz/sizDepth handling, potentially allowing arbitrary code execution. Cisco Talos details a heap-based overflow in the pdf...
CVE-2019-5047
The vulnerability CVE-2019-5047 affects NitroPDF, specifically the CharProcs parsing path, where a crafted PDF can trigger a type confusion leading to a Use After Free. Talos advisories (TALOS-2019-0816) document an exploitable Use After Free in NitroPDF’s CharProcs parsing, with NitroPDF 12.12.1...
CVE-2019-5048
CVE-2019-5048 is a NitroPDF 12.12.1.522 heap corruption remote code execution vulnerability in the ICCBased color space parsing of PDFs. A crafted PDF can trigger an out-of-bounds write during color space handling, leading to arbitrary code execution when the document is opened. Cisco Talos descr...
CVE-2019-5050
CVE-2019-5050 : The NitroPDF 12.12.1.522 product contains a heap corruption vulnerability in the PDF parsing path that can lead to arbitrary code execution when a specially crafted PDF is opened. Talos/Cisco advisories (TALOS-2019-0819, TALOS-2019-0814, etc.) describe a parser confusion/heap-base...
CVE-2013-2773
Nitro Pro / Nitro PDF Toolkit vulnerability CVE-2013-2773 is documented with concrete details: Nitro Pro 8.5.0.26 and older are affected by an insecure library loading (DLL hijacking) issue. The root cause is insecure DLL loading, enabling arbitrary code execution when a user opens a specially cr...