Vulnerabilities > CVE-2019-5050 - Out-of-bounds Write vulnerability in Gonitro Nitropdf 12.12.1.522

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gonitro

CWE-787

NVD

Published: 2019-10-09

Updated: 2022-06-27

Summary

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

Vulnerable Configurations

Part	Description	Count
Application	Gonitro Gonitro Nitropdf 12.12.1.522	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0819
last seen	2019-10-12
published	2019-10-09
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0819
title	NitroPDF Page Kids Remote Code Execution Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0819