PT-2019-15735 · Nitro · Nitro Pro

Published: 2019-11-21 · Updated: 2021-07-21 · CVE-2019-18958

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nitro Pro versions prior to 13.2

Description

The issue arises when Nitro Pro creates a debug.log file in the same directory as a .pdf file, specifically if the .pdf document was generated through an OCR operation on the JPEG output of a scanner. This can pose a security risk if the debug.log file is later edited and then executed.

Recommendations

For versions prior to 13.2, consider removing or restricting access to the debug.log file created by Nitro Pro to minimize potential risks. As a temporary workaround, avoid executing any debug.log files that may have been edited.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2019-18958

Affected Products

Nitro Pro