Vulnerabilities > CVE-2019-19819 - NULL Pointer Dereference vulnerability in Gonitro Nitropdf 12.0.0.112

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

gonitro

CWE-476

NVD

Published: 2020-01-10

Updated: 2020-01-15

Summary

The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content.

Vulnerable Configurations

Part	Description	Count
Application	Gonitro Gonitro Nitropdf 12.0.0.112	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html
https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md