CVE-2020-6074
Published 2020-05-18
CVE-2020-6074: An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which…
Priority P261 · high · 8.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
40.88%
98.5th percentile
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
Detection & IOCs (extracted from sources)
- snort 53036
- snort 53037
- snort 53114
- snort 53115
- snort 53265
- snort 53266
- Trigger vector is a specially crafted PDF document exploiting the PDF parser's handling of nested pages, causing a use-after-free condition. Detection should focus on malformed/nested PDF page structures delivered to Nitro Pro 13.9.1.155.
- The vulnerability is specifically in the PDF parser component of Nitro Pro 13.9.1.155 (TALOS-2020-0997). Snort rules 53036 and 53037 are the primary rules mapped to CVE-2020-6074; rules 53114, 53115, 53265, 53266 cover the related CVEs in the same advisory.
- Snort rules are subject to change and additional rules may be released. Always refer to Firepower Management Center or Snort.org for the most current rule versions.
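CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |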
GHSA
GHSA-gwj2-7fw9-8jcx: An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13
ghsa_unreviewed·2022-05-24
CVE-2020-6074 [MEDIUM] CWE-416 GHSA-gwj2-7fw9-8jcx: An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13
Kernel
dccp: don't duplicate ccid when cloning dccp sock
kernel_security·2021-09-08·CVSS 7.8
CVE-2017-6074 [HIGH] dccp: don't duplicate ccid when cloning dccp sock
dccp: don't duplicate ccid when cloning dccp sock
Commit 2677d2067731 ("dccp: don't free ccid2_hc_tx_sock ...") fixed
a UAF but reintroduced CVE-2017-6074.
When the sock is cloned, two dccps_hc_tx_ccid will reference the
same ccid. So one can free the ccid object twice from two socks after
cloning.
This issue was found by "Hadar Manor" as well and assigned with
CVE-2020-16119, which was fixed in Ubuntu's kernel. So here I port
the patch from Ubuntu to fix it.
The patch prevents cloned socks from referencing the same ccid.
Fixes: 2677d2067731410 ("dccp: don't free ccid2_hc_tx_sock ...")
Signed-off-by: Zhenpeng Lin
Signed-off-by: David S. Miller
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
blogs_talos·2020-05-18·CVSS 8.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
## Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers.
The software contains vulnerabilities that could allow adversaries to carry out a variety of actions.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Nitro PDF to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details
### Nitro PRO PDF nested pages remote code execution vulnerability (TALOS-2020-0997/CVE-2020-6074)
An exploitable code execution vulnerability exists in the PDF parser of Nitr
Published: 2020-05-18