CVE-2020-6074: Use After Free in Nitro PRO

CWE-416: Use After Free | 6 documents | 5 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 40.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 18
Latest update: May 24

Description

An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | gonitro/nitro_pro | Nitro Pro 13.9.1.155
NVD | gonitro/nitro_pro | 13.9.1.155

Vulnerability Details (3)

GHSA | GHSA-gwj2-7fw9-8jcx: An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13 | 2022-05-24
Kernel | dccp: don't duplicate ccid when cloning dccp sock | 2021-09-08
CVEList | CVE-2020-6074: An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13 | 2020-05-18
CVE-2020-6074 — Use After Free in Gonitro Nitro PRO | cvebase