Published: 09/10/2019 Updated: 11/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

Recent Articles

Nitro PDF Pro to Get Micropatches for 7 Potential RCE Bugs
BleepingComputer • Ionut Ilascu • 12 Oct 2019

The current version of Nitro PDF Pro has at least one vulnerability that could be used to attempt remote code execution on the victim host. A fix from a third party is on its way.
An official patch from the developer is unavailable for this security flaw, which has a severity score of 8.8 out of 10. Leveraging is possible through a specially crafted PDF file opened with a vulnerable version of the software.
Nitro PDF's developer has a customer base predominantly from the enterprise w...