RSS   Podatności dla 'Nitro pro'   RSS

2020-05-18
 
CVE-2020-6093

CWE-824
 

 
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.

 
 
CVE-2020-6092

CWE-190
 

 
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file.

 
 
CVE-2020-6074

CWE-416
 

 
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

 
2020-03-08
 
CVE-2020-10223

CWE-787
 

 
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.

 
 
CVE-2020-10222

CWE-787
 

 
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document.

 
2019-11-21
 
CVE-2019-18958

CWE-20
 

 
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.

 

 >>> Vendor: Gonitro 3 Produkty
Nitropdf
Nitro pro
Nitro free pdf reader


Copyright 2020, cxsecurity.com

 

Back to Top