Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6113

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.

Published

2020-09-17T13:15:16.023

Last Modified

2024-11-21T05:35:08.113

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-131
CWE-190
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gonitro	nitro_pro	13.13.2.242	Yes
Application	gonitro	nitro_pro	13.16.2.300	Yes

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1063 Exploit, Third Party Advisory ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1063 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)