Vulnerability CVE-2019-5050


Published: 2019-10-09

Description:
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

Type:

CWE-843

(Access of Resource Using Incompatible Type ('Type Confusion'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Gonitro -> Nitropdf 

 References:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0819

Copyright 2020, cxsecurity.com

 

Back to Top