CVE-2020-6092

Name of the Vulnerable Software and Affected Versions Nitro Pro version 13.9.1.155

Description The issue is related to the parsing of Pattern objects in Nitro Pro, which can be exploited through a specially crafted PDF file. This exploitation can trigger an integer overflow, potentially leading to arbitrary code execution. The victim must open a malicious file to trigger this issue. The vulnerability is associated with an integer buffer overflow in the /Pattern component of the Nitro Pro application, allowing a remote attacker to execute arbitrary code using a specially formed PDF file.

Recommendations For Nitro Pro version 13.9.1.155, consider avoiding the use of the /Pattern component until a patch is available. As a temporary workaround, refrain from opening suspicious or untrusted PDF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.