PT-2020-18927 · Nitro · Nitro Pro

Published

2020-09-17

Updated

2022-05-12

CVE-2020-6113

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nitro Pro version 13.13.2.242

Description The issue exists in the object stream parsing functionality when updating its cross-reference table. It occurs due to an error in calculating the size for allocating memory for indirect objects, which can lead to an integer overflow. This results in an undersized buffer being allocated, and later, when initializing this buffer, the application can write outside its bounds, causing memory corruption that can lead to code execution. A specially crafted document can trigger this issue.

Recommendations For Nitro Pro version 13.13.2.242, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-787CWE-131

Related Identifiers

CVE-2020-6113

Affected Products

Nitro Pro

PT-2020-18927 · Nitro · Nitro Pro

CVE-2020-6113

Weakness Enumeration

Related Identifiers

Affected Products

References · 3