CVE-2020-6093
Published 2020-05-18
Priority: P4 · 25 · medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 2.65% (83.7th percentile)
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, the victim must open a malicious file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
CVSS provenance
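| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |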
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
blogs_talos·2020-05-18·CVSS 8.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
## Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers.
The software contains vulnerabilities that could allow adversaries to carry out a variety of actions.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Nitro PDF to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details
### Nitro PRO PDF nested pages remote code execution vulnerability (TALOS-2020-0997/CVE-2020-6074)
An exploitable code execution vulnerability exists in the PDF parser of Nitr