CVE-2019-19818

Опубликовано: 16 дек. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content.

Ссылки

https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md
Exploit
Third Party Advisory
https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html
Exploit
Third Party Advisory
https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md
Exploit
Third Party Advisory
https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gonitro:nitro_free_pdf_reader:12.0.0.112:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00012

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-pmfv-fmg7-gppq

github

больше 3 лет назад