Nitro Pro PDF
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6092 | Hig | 0.54 | 7.8 | 0.42 | May 18, 2020 | An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious… | ||
| CVE-2021-21796 | Hig | 0.52 | 7.8 | 0.16 | Oct 18, 2021 | An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can… | ||
| CVE-2021-21798 | Hig | 0.52 | 7.8 | 0.16 | Sep 15, 2021 | An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code… | ||
| CVE-2013-2773 | Hig | 0.51 | 7.8 | 0.00 | Jan 14, 2020 | Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution | ||
| CVE-2019-18958 | Hig | 0.51 | 7.8 | 0.01 | Nov 21, 2019 | Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed. |
- risk 0.54cvss 7.8epss 0.42
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious…
- risk 0.52cvss 7.8epss 0.16
An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can…
- risk 0.52cvss 7.8epss 0.16
An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code…
- risk 0.51cvss 7.8epss 0.00
Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution
- risk 0.51cvss 7.8epss 0.01
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.