Skip to main content

Nitro Pro

16 CVEs product

Monthly

CVE-2021-21797 HIGH POC THREAT This Week

An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
15.0%
CVE-2021-21796 HIGH POC THREAT This Week

An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
15.8%
CVE-2021-21798 HIGH POC THREAT This Week

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
16.1%
CVE-2020-6116 HIGH POC THREAT This Week

An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
28.4%
CVE-2020-6115 HIGH POC This Week

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2020-6113 HIGH POC THREAT This Week

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
68.6%
CVE-2020-6112 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
17.1%
CVE-2020-6146 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Nitro Pro
NVD
CVSS 3.1
8.8
EPSS
78.5%
CVE-2020-6093 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Nitro Pro
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2020-6092 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
42.3%
CVE-2020-6074 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Nitro Pro
NVD
CVSS 3.1
8.8
EPSS
40.9%
CVE-2020-10223 HIGH POC This Week

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Nitro Pro
NVD GitHub
CVSS 3.1
8.1
EPSS
2.4%
CVE-2020-10222 HIGH POC This Week

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nitro Pro
NVD GitHub
CVSS 3.1
8.1
EPSS
2.4%
CVE-2019-18958 HIGH POC This Week

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2017-7442 HIGH POC THREAT Act Now

Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.3%.

Path Traversal RCE Nitro Pro
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
70.3%
Threat
5.4
CVE-2017-7950 MEDIUM POC This Month

Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nitro Pro
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.1%
EPSS 15% CVSS 7.8
HIGH POC THREAT This Week

An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nitro Pro
NVD
EPSS 16% CVSS 7.8
HIGH POC THREAT This Week

An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 16% CVSS 7.8
HIGH POC THREAT This Week

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nitro Pro
NVD
EPSS 28% CVSS 7.8
HIGH POC THREAT This Week

An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Nitro Pro
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +1
NVD
EPSS 69% CVSS 7.8
HIGH POC THREAT This Week

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 17% CVSS 7.8
HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 78% CVSS 8.8
HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Nitro Pro
NVD
EPSS 42% CVSS 7.8
HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Nitro Pro
NVD
EPSS 41% CVSS 8.8
HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE +1
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Nitro Pro
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nitro Pro
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nitro Pro
NVD
EPSS 70% 5.4 CVSS 8.8
HIGH POC THREAT Act Now

Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.3%.

Path Traversal RCE Nitro Pro
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nitro Pro
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy