Lucene search
Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF
ποΈΒ 09 Oct 2019Β 07:50:30Reported byΒ [email protected] (Jon Munshaw)TypeΒ 
Β talosblogπΒ feedproxy.google.comπΒ 84Β Views
Multiple remote code execution vulnerabilities in NitroPDF Pro version. Vulnerabilities include jpeg2000 ssizDepth, Page Kids, ICCBased color space, CharProcs, and jpeg2000 yTsiz. Exploiting these vulnerabilities allows an attacker to execute arbitrary code by tricking a user into opening a malicious PDF file. Cisco Talos discovered these vulnerabilities and disclosed them due to NitroPDF's failure to provide a patch within the 90-day deadline.
| Reporter | Title | Published | Views | Family All 36 |
|---|---|---|---|---|
 | CVE-2019-5047 | 9 Oct 201920:40 | β | cvelist |
| CVE-2019-5046 | 9 Oct 201920:55 | β | cvelist |
| CVE-2019-5053 | 9 Oct 201920:40 | β | cvelist |
| CVE-2019-5050 | 9 Oct 201920:55 | β | cvelist |
| CVE-2019-5048 | 9 Oct 201920:55 | β | cvelist |
| CVE-2019-5045 | 9 Oct 201920:40 | β | cvelist |
 | Design/Logic Flaw | 9 Oct 201921:15 | β | prion |
| Design/Logic Flaw | 9 Oct 201921:15 | β | prion |
| Type confusion | 9 Oct 201921:15 | β | prion |
| Type confusion | 9 Oct 201921:15 | β | prion |
10
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo09 Oct 2019 07:30Current
1.2Low risk
Vulners AI Score1.2
EPSS0.00103