CVE-2020-10223Out-of-bounds Write in Nitro PRO

CWE-787Out-of-bounds Write3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.0%
top 94.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gonitro Nitro PRO
Timeline
PublishedMar 8
Latest updateMay 24

Description

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

NVDgonitro/nitro_pro< 13.13.2.242

🔴Vulnerability Details

2
GHSA
GHSA-cw22-r4v9-jqrg: npdf2022-05-24
CVEList
CVE-2020-10223: npdf2020-03-08
CVE-2020-10223 — Out-of-bounds Write in Nitro PRO | cvebase