Security News > 2020 > May > Nitro Pro Vulnerabilities Expose Many Enterprises to Attacks
Two recently addressed vulnerabilities in the Nitro Pro PDF editor could be exploited by malicious actors to execute code remotely on affected hosts, according to Cisco's Talos threat intelligence and research group.
Nitro Pro is a piece of software designed for reading, editing, signing, and saving PDF files.
Tracked as CVE-2020-6074, the first of these flaws was identified in the PDF parser of Nitro Pro.
The second security issue is tracked as CVE-2020-6092 and resides in the manner in which Nitro Pro parses Pattern objects.
All three vulnerabilities were found in Nitro Pro version 13.9.1.155 and were reported to the vendor in February.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-18 | CVE-2020-6074 | Use After Free vulnerability in Gonitro Nitro PRO 13.9.1.155. An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. | 8.8 |
2020-05-18 | CVE-2020-6092 | Integer Overflow or Wraparound vulnerability in Gonitro Nitro PRO 13.9.1.155. An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. | 7.8 |