Vulnerabilities > CVE-2019-5045 - Out-of-bounds Write vulnerability in Gonitro Nitropdf 12.12.1.522

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gonitro

CWE-787

NVD

Published: 2019-10-09

Updated: 2022-06-27

Summary

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

Vulnerable Configurations

Part	Description	Count
Application	Gonitro Gonitro Nitropdf 12.12.1.522	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0814
last seen	2019-10-12
published	2019-10-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0814
title	NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0814