CVE-2020-6113Integer Overflow or Wraparound in Nitro PRO

CWE-190Integer Overflow or WraparoundCWE-131Incorrect Calculation of Buffer SizeCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 34.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gonitro Nitro PRO
Timeline
PublishedSep 17
Latest updateMay 24

Description

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5gonitro/nitro_proNitro Pro 13.13.2.242, Nitro Pro 13.16.2.300
NVDgonitro/nitro_pro13.13.2.242, 13.16.2.300+1

🔴Vulnerability Details

2
GHSA
GHSA-qrv7-h49g-2qfw: An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc2022-05-24
CVEList
CVE-2020-6113: An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc2020-09-17
CVE-2020-6113 — Integer Overflow or Wraparound | cvebase