VYPR
Vendor

Gonitro

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2017-7442HigAug 3, 2017
    risk 0.63cvss 8.8epss 0.41

    Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.

  • CVE-2025-69627HigApr 13, 2026
    risk 0.55cvss 8.4epss 0.00

    Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI…

  • CVE-2016-8713HigFeb 10, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to…

  • CVE-2016-8711HigFeb 10, 2017
    risk 0.51cvss 7.8epss 0.02

    A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this…

  • CVE-2016-8709HigFeb 10, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger…

  • CVE-2025-69624HigApr 13, 2026
    risk 0.49cvss 7.5epss 0.00

    Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true)…

  • CVE-2025-66769HigApr 13, 2026
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.

  • CVE-2017-7950MedJul 7, 2017
    risk 0.39cvss 5.5epss 0.02

    Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.

  • CVE-2020-6113Sep 17, 2020
    risk 0.00cvss epss 0.69

    An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to…

  • CVE-2020-6112Sep 17, 2020
    risk 0.00cvss epss 0.17

    An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes…

  • CVE-2020-6115Sep 17, 2020
    risk 0.00cvss epss 0.03

    An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save…

  • CVE-2020-6116Sep 17, 2020
    risk 0.00cvss epss 0.28

    An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating…