Vulnerabilities > CVE-2019-5045 - Out-of-bounds Write vulnerability in Gonitro Nitropdf 12.12.1.522

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

gonitro

CWE-787

NVD

Published: 2019-10-09

Updated: 2022-06-27

Summary

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

Vulnerable Configurations

Part	Description	Count
Application	Gonitro Gonitro Nitropdf 12.12.1.522	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0814
last seen	2019-10-12
published	2019-10-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0814
title	NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0814