CVE-2021-21798

Name of the Vulnerable Software and Affected Versions Nitro Pro PDF (affected versions not specified)

Description An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.