CVE-2021-21797
Published 2021-10-18
Priority P3 · 45 · high 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 15.05% (96.3th percentile)
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
Detection & IOCs (extracted from sources)
- Snort SID 57303
- Snort SID 57304
- Snort SID 57294
- Snort SID 57295
- Exploitation requires opening a specially crafted malicious PDF document; monitor for suspicious PDF opens in Nitro Pro triggering double-free conditions in the JavaScript engine's timeout object handling.
- Snort rules 57303, 57304, 57294, and 57295 are subject to change as additional vulnerability information becomes available; always pull the latest rule versions from Firepower Management Center or Snort.org.
- Confirmed vulnerable versions are Nitro Pro 13.31.0.605 and 13.33.2.645; detections should be scoped to these versions until broader version coverage is confirmed.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
No detection rules found.
No public exploits indexed.
Checkpoint
18th October – Threat Intelligence Report (blogs_checkpoint · 2021-10-18 · tagged CVE-2021-40449)
## 18th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 18th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Israeli Medical Center Hillel Yaffe has been targeted by ransomware affecting the hospital’s computer systems, which have been working in a limited capacity since the attack occurred.
Russia-based group TA505 is running a new email phishing campaign dubbed MirrorBlast, targeting financial organizations with malicious mac
Talos
Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF (blogs_talos · 2021-10-14 · CVSS 7.8 · tagged CVE-2021-21796 [HIGH])
A Cisco Talos team member discovered these vulnerabilities.
Cisco Talos recently discovered multiple vulnerabilities in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application.
Nitro Pro PDF is part of Nitro Software’s Productivity Suite. Pro PDF allows users to create and modify PDFs and other digital documents. It includes support for several capabilities via third-party libraries to parse the PDFs. TALOS-2021-1265 (CVE-2021-21796) is a use-after-free vulnerability that can be triggered if a target opens a specially crafted, malicious PDF.
TALOS-2021-1266 (CVE-2021-21797) is a double-free vulnerability that can cause a reference to a timeout object to be stored in two different places, eventually leading to the ability to execute code un
Wiz
CVE-2025-67825 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 7.8 · tagged CVE-2025-67825 [HIGH])
## CVE-2025-67825: Nitro Pro vulnerability analysis and mitigation
An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity.
Source: NVD
- Score: 5.5
- Published: January 8, 2026
- Severity: MEDIUM
- CNA Score: 5.5
- Affected Technologies: Nitro Pro
- Has Public Exploit: No
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): N/A
- Exploitation Probability (EPSS): N/A
- Affected packages and libraries (cpe)
Published 2021-10-18