Описание
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gonitro:nitro_pro:13.9.1.155:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00011
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-824
CWE-824
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.
EPSS
Процентиль: 1%
0.00011
Низкий
6.5 Medium
CVSS3
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-824
CWE-824