Nitropdf
CVE-2019-5050
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
AnalysisAI
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-122. A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. Affected products include: Gonitro Nitropdf.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. Rated high severity (CVSS
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (
An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. Rated high severi
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today