CVE-2020-6115Use After Free in Nitro PRO

CWE-416Use After Free3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 98.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gonitro Nitro PRO
Timeline
PublishedSep 17
Latest updateMay 24

Description

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5gonitro/nitro_proNitro Pro 13.13.2.242 ,Nitro Pro 13.16.2.300
NVDgonitro/nitro_pro13.13.2.242, 13.16.2.300+1

🔴Vulnerability Details

2
GHSA
GHSA-pc78-6jfc-54mv: An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc2022-05-24
CVEList
CVE-2020-6115: An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc2020-09-17
CVE-2020-6115 — Use After Free in Gonitro Nitro PRO | cvebase