Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nitro_pro
(Gonitro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-17 | CVE-2020-6116 | An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim... | Nitro_pro | 7.8 | ||
| 2019-11-21 | CVE-2019-18958 | Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed. | Nitro_pro | 7.8 | ||
| 2020-03-08 | CVE-2020-10222 | npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. | Nitro_pro | 8.1 | ||
| 2021-01-07 | CVE-2018-18689 | The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro... | Expert_pdf_ultimate, Pdf_experte_ultimate, Foxit_reader, Nitro_pro, Nitro_reader, Pdf_editor_6, Pdfelement6, Pdf_architect, Pdf_studio, Pdf_studio_viewer_2018, Soda_pdf, Soda_pdf_desktop, Perfect_pdf_10, Perfect_pdf_reader, Pdf\-Xchange_editor, Pdf\-Xchange_viewer, Expert_pdf_reader | 5.3 | ||
| 2021-01-07 | CVE-2018-18688 | The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also... | Master_pdf_editor, Foxit_reader, Phantompdf, Nitro_pro, Nitro_reader, Pdf_editor_6, Pdfelement6, Libreoffice, Power_pdf_standard, Pdf_studio, Pdf_studio_viewer_2018, Perfect_pdf_10, Perfect_pdf_reader | 5.3 | ||
| 2017-07-07 | CVE-2017-7950 | Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. | Nitro_pro | 5.5 | ||
| 2017-08-03 | CVE-2017-7442 | Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | Nitro_pro | 8.8 | ||
| 2020-03-08 | CVE-2020-10223 | npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. | Nitro_pro | N/A |