Home/Product/gonitro nitro pro
Product

gonitro nitro pro

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-21797
all versions
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document ca
7.8HIGH
 CVE-2021-21796
all versions
An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document
7.8HIGH
 CVE-2021-21798
all versions
An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A speciall
7.8HIGH
 CVE-2018-18689
all versions
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to valid
5.3MEDIUM
 CVE-2018-18688
all versions
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to valid
5.3MEDIUM
 CVE-2020-6116
all versions
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242.
7.8HIGH
 CVE-2020-6115
all versions
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.
7.8HIGH
 CVE-2020-6113
all versions
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 w
7.8HIGH
 CVE-2020-6112
all versions
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro
7.8HIGH
 CVE-2020-6146
all versions
An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When d
8.8HIGH
 CVE-2020-6093
all versions
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially cr
5.5MEDIUM
 CVE-2020-6092
all versions
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF
7.8HIGH
 CVE-2020-6074
all versions
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can
8.8HIGH
 CVE-2020-10223
< 13.13.2.242
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandl
8.1HIGH
 CVE-2020-10222
< 13.13.2.242
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF docum
8.1HIGH
 CVE-2019-18958
< 13.2
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by
7.8HIGH
 CVE-2013-3553
<= 7.5.0.22
Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafte
7.8HIGH
 CVE-2013-3552
<= 7.5.0.22
Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafte
7.8HIGH
 CVE-2017-7442
all versions
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal seq
8.8HIGH
 CVE-2017-7950
<= 11.0.3
Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
5.5MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin