VYPR
Vendor

Nitro Pro PDF

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2020-6092HigMay 18, 2020
    risk 0.54cvss 7.8epss 0.42

    An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious…

  • CVE-2021-21796HigOct 18, 2021
    risk 0.52cvss 7.8epss 0.16

    An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can…

  • CVE-2021-21798HigSep 15, 2021
    risk 0.52cvss 7.8epss 0.16

    An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code…

  • CVE-2013-2773HigJan 14, 2020
    risk 0.51cvss 7.8epss 0.00

    Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

  • CVE-2019-18958HigNov 21, 2019
    risk 0.51cvss 7.8epss 0.01

    Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.