Описание
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gonitro:nitropdf:12.2.1.522:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00181
Низкий
8.8 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-122
CWE-787
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
EPSS
Процентиль: 40%
0.00181
Низкий
8.8 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-122
CWE-787