CVE-2020-6146
published 2020-09-16
Priority P265 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 78.47% (99.5th percentile)
An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.
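The bug class described above, as an added example (not Nitro Pro's code and not taken from the advisory): a hypothetical colorspace object whose fixed-size heap member is filled in a loop bounded only by a count read from the file, next to a bounded version. The names `cs_t`, `MAX_COMPONENTS`, `cs_set_stroke_*` and the capacity of 4 are assumptions, as is treating the file-supplied length as a component count.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

#define MAX_COMPONENTS 4          /* assumed fixed capacity of the member */

typedef struct {                  /* hypothetical colorspace object */
    uint32_t n;                   /* component count taken from the file */
    float   *components;          /* heap buffer of MAX_COMPONENTS floats */
} cs_t;

cs_t *cs_new(void) {
    cs_t *cs = calloc(1, sizeof *cs);
    if (!cs) return NULL;
    cs->components = calloc(MAX_COMPONENTS, sizeof *cs->components);
    if (!cs->components) { free(cs); return NULL; }
    return cs;
}

void cs_free(cs_t *cs) { if (cs) { free(cs->components); free(cs); } }

/* Flawed pattern: the file-supplied count is the only loop bound, so
 * count > MAX_COMPONENTS writes past the end of the heap buffer. */
void cs_set_stroke_unchecked(cs_t *cs, const float *vals, uint32_t count) {
    for (uint32_t i = 0; i < count; i++)
        cs->components[i] = vals[i];
    cs->n = count;
}

/* Hardened: reject a count that exceeds the destination capacity or the
 * number of values actually available, before anything is written. */
int cs_set_stroke_checked(cs_t *cs, const float *vals, size_t avail,
                          uint32_t count) {
    if (!cs || !vals) return -1;
    if (count == 0 || count > MAX_COMPONENTS || count > avail) return -1;
    for (uint32_t i = 0; i < count; i++)
        cs->components[i] = vals[i];
    cs->n = count;
    return 0;
}
```

The checked variant leaves the object untouched on rejection, so a parser can fail the page render cleanly instead of continuing with a partially written colorspace.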
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
Detection & IOCs
Snort rules: 53114, 53115, 53948, 53949, 53990, 53991, 53992, 53993, 54010, 54011, 54047, 54048
- CVE-2020-6146 is triggered during PDF rendering when an ICCBased colorspace is used for stroke color; the application reads an attacker-controlled length from the file and uses it as a loop sentinel to write into a fixed-size heap buffer. Look for malformed PDF documents containing ICCBased colorspace stream objects with anomalously large length values.
- Exploitation requires a victim to open a specially crafted PDF document; the delivery vector is a malicious PDF file targeting Nitro Pro versions 13.13.2.242 and 13.16.2.300.
- The Snort rules listed cover the full set of Nitro Pro vulnerabilities disclosed in this advisory (CVE-2020-6112, -6113, -6115, -6116, -6146); the individual rule-to-CVE mapping is not specified in the source, so all rules should be enabled when defending against this advisory's vulnerability set.
- Additional Snort rules may be released after publication; always consult Firepower Management Center or Snort.org for the most current rule set.
CVSS provenance
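| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |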
No detection rules found.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
blogs_talos·2020-09-15·CVSS 7.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
Cisco Talos researchers discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple code execution vulnerabilities in the Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually allow them to execute code.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Nitro Pro to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details
Nitro Pro Indexed ColorSpace rendering code execution vulnerability (TALOS-2020-1070/CVE-2020-6116)
An arbitrary code execution vulnerability exists in the rendering