Описание
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gonitro:nitropdf:12.12.1.522:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00051
Низкий
8.8 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-122
CWE-787
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
EPSS
Процентиль: 16%
0.00051
Низкий
8.8 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-122
CWE-787