PT-2021-14782 · Nitro · Nitro Pro Pdf

Published

2021-10-18

Updated

2022-05-13

CVE-2021-21797

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nitro Pro PDF (affected versions not specified)

Description A double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. This issue can be triggered by a specially crafted document, causing a reference to a timeout object to be stored in two different places. When the document is closed, the reference is released twice, potentially leading to code execution under the context of the application. An attacker can exploit this by convincing a user to open a malicious document.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

CVE-2021-21797

Affected Products

Nitro Pro Pdf

PT-2021-14782 · Nitro · Nitro Pro Pdf

CVE-2021-21797

Weakness Enumeration

Related Identifiers

Affected Products

References · 4