CVE-2020-6115

Name of the Vulnerable Software and Affected Versions Nitro Pro version 13.13.2.242

Description A vulnerability exists in the cross-reference table repairing functionality. When searching for an object identifier in a malformed document, the application saves a reference to the object's cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table, changing the scope of its entry. Later, when the application tries to reference the cross-reference entry via the stack variable, it accesses memory belonging to the recently freed table, causing a use-after-free condition. An attacker can deliver a specially crafted document to trigger this issue.

Recommendations For Nitro Pro version 13.13.2.242, at the moment, there is no information about a newer version that contains a fix for this vulnerability.