CVE-2025-69624

Name of the Vulnerable Software and Affected Versions Nitro PDF Pro for Windows version 14.41.1.4

Description A NULL pointer dereference occurs in the JavaScript implementation of the app.alert() function. When app.alert() is called with multiple arguments and the first argument evaluates to null, the engine uses a fallback path for non-string arguments. In this process, the js ValueToString() function is called on the null value and returns an invalid string pointer, which is then passed to JS GetStringChars() without validation. This leads to an access violation and application crash when a crafted PDF is opened.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.