Vulnerabilities > Gonitro > Nitro PRO > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-21796 Use After Free vulnerability in Gonitro Nitro PRO 13.31.0.605/13.33.2.645
An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF.
network
gonitro CWE-416
6.8
2021-10-18 CVE-2021-21797 Double Free vulnerability in Gonitro Nitro PRO 13.31.0.605/13.33.2.645
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF.
network
gonitro CWE-415
6.8
2021-01-07 CVE-2018-18689 Improper Verification of Cryptographic Signature vulnerability in multiple products
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures.
5.0
2021-01-07 CVE-2018-18688 Improper Verification of Cryptographic Signature vulnerability in multiple products
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures.
5.0
2020-09-17 CVE-2020-6116 Incorrect Calculation of Buffer Size vulnerability in Gonitro Nitro PRO 13.13.2.242/13.16.2.300
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242.
network
gonitro CWE-131
6.8
2020-09-17 CVE-2020-6115 Use After Free vulnerability in Gonitro Nitro PRO 13.13.2.242/13.16.2.300
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242.
network
gonitro CWE-416
6.8
2020-09-17 CVE-2020-6113 Incorrect Calculation of Buffer Size vulnerability in Gonitro Nitro PRO 13.13.2.242/13.16.2.300
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table.
network
gonitro CWE-131
6.8
2020-09-17 CVE-2020-6112 Unspecified vulnerability in Gonitro Nitro PRO 13.13.2.242/13.16.2.300
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples.
network
gonitro
6.8
2020-09-16 CVE-2020-6146 Out-of-bounds Write vulnerability in Gonitro Nitro PRO 13.13.2.242/13.16.2.300
An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300.
network
gonitro CWE-787
6.8
2020-05-18 CVE-2020-6093 Access of Uninitialized Pointer vulnerability in Gonitro Nitro PRO 13.9.1.155
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling.
network
gonitro CWE-824
4.3