Vulnerabilities > Gonitro > Nitro PRO
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-18 | CVE-2020-6093 | Access of Uninitialized Pointer vulnerability in Gonitro Nitro PRO 13.9.1.155 An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. | 5.5 |
| 2020-05-18 | CVE-2020-6092 | Integer Overflow or Wraparound vulnerability in Gonitro Nitro PRO 13.9.1.155 An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. | 7.8 |
| 2020-05-18 | CVE-2020-6074 | Use After Free vulnerability in Gonitro Nitro PRO 13.9.1.155 An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. | 8.8 |
| 2020-03-08 | CVE-2020-10223 | Out-of-bounds Write vulnerability in Gonitro Nitro PRO npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. | 8.1 |
| 2020-03-08 | CVE-2020-10222 | Unspecified vulnerability in Gonitro Nitro PRO npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. | 8.1 |
| 2019-11-21 | CVE-2019-18958 | Incorrect Permission Assignment for Critical Resource vulnerability in Gonitro Nitro PRO Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. | 7.8 |
| 2017-08-03 | CVE-2017-7442 | Path Traversal vulnerability in Gonitro Nitro PRO 11.0.3.173 Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | 8.8 |
| 2017-07-07 | CVE-2017-7950 | Improper Input Validation vulnerability in Gonitro Nitro PRO Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. | 5.5 |