CVE-2019-5050

Published: 09/10/2019 Updated: 11/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

Affected Products

Vendor | Product | Versions
Gonitro | Nitropdf | 12.12.1.522

Recent Articles

Nitro PDF Pro to Get Micropatches for 7 Potential RCE Bugs
BleepingComputer • Ionut Ilascu • 12 Oct 2019

The current version of Nitro PDF Pro has at least one vulnerability that could be used to attempt remote code execution on the victim host. A fix from a third party is on its way.
An official patch from the developer is unavailable for this security flaw, which has a severity score of 8.8 out of 10. Leveraging is possible through a specially crafted PDF file opened with a vulnerable version of the software.
Nitro PDF's developer has a customer base predominantly from the enterprise w...