Vulnerabilities > Gonitro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2018-18689 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. network low complexity avanquest foxitsoftware gonitro iskysoft pdf-xchange pdfforge qoppa sodapdf soft-xpansion tracker-software visagesoft CWE-347 | 5.3 |
| 2021-01-07 | CVE-2018-18688 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. network low complexity code-industry foxitsoftware gonitro iskysoft libreoffice nuance qoppa soft-xpansion CWE-347 | 5.3 |
| 2020-05-18 | CVE-2020-6093 | Access of Uninitialized Pointer vulnerability in Gonitro Nitro PRO 13.9.1.155 An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. | 5.5 |
| 2020-01-10 | CVE-2019-19819 | NULL Pointer Dereference vulnerability in Gonitro Nitropdf 12.0.0.112 The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content. | 5.5 |
| 2020-01-10 | CVE-2019-19817 | Out-of-bounds Read vulnerability in Gonitro Nitro Free PDF Reader 12.0.0.112 The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content. | 5.5 |
| 2019-12-16 | CVE-2019-19818 | Out-of-bounds Read vulnerability in Gonitro Nitro Free PDF Reader 12.0.0.112 The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content. | 5.5 |
| 2017-07-07 | CVE-2017-7950 | Improper Input Validation vulnerability in Gonitro Nitro PRO Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. | 5.5 |