CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-35288 – Nitro PDF Pro Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-35288
01 Oct 2024 — Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM. • https://packetstorm.news/files/id/181954 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21797
https://notcve.org/view.php?id=CVE-2021-21797
18 Oct 2021 — An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1266 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21796
https://notcve.org/view.php?id=CVE-2021-21796
18 Oct 2021 — An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. Se presenta una vulnerabilidad explotable de uso de memoria previamente liberada en la imp... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1265 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21798
https://notcve.org/view.php?id=CVE-2021-21798
15 Sep 2021 — An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability. Se presenta una vulnerabilidad explotable de retorno de dirección de variable de pila en la implementació... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1267 • CWE-562: Return of Stack Variable Address •
CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Arch... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-18688
https://notcve.org/view.php?id=CVE-2018-18688
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.8EPSS: 77%CPEs: 2EXPL: 1CVE-2020-6113
https://notcve.org/view.php?id=CVE-2020-6113
17 Sep 2020 — An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application ... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1063 • CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-6112
https://notcve.org/view.php?id=CVE-2020-6112
17 Sep 2020 — An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vuln... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1062 • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-6115
https://notcve.org/view.php?id=CVE-2020-6115
17 Sep 2020 — An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1068 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 46%CPEs: 2EXPL: 1CVE-2020-6116
https://notcve.org/view.php?id=CVE-2020-6116
17 Sep 2020 — An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigg... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1070 • CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •