Description
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application performs a calculation to determine how much memory to allocate for the list of indirect objects. Due to an error in this size calculation, an integer overflow may occur, which can result in an undersized buffer being allocated. Later, when initializing this buffer, the application can write outside its bounds, causing memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.
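The bug class described above (CWE-190 leading to CWE-131), shown as an added C example that is not Nitro Pro's code: a 32-bit size calculation that wraps for a large object count, next to an allocation that validates the count first. The record layout, the function names and the 32-bit arithmetic are assumptions for illustration; the count stands for the number of objects an object stream declares, and the length bound relies on each "object number, offset" pair in the stream header needing at least two digits and a separator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-object record; the real layout is not given on the page. */
typedef struct { uint32_t obj_num; uint32_t offset; } objstm_entry;

/* Flawed pattern: the size is computed in 32 bits, so a large count wraps
 * and the caller would allocate far less than it later initializes. */
static uint32_t unchecked_table_size(uint32_t n)
{
    return n * (uint32_t)sizeof(objstm_entry);
}

/* Hardened: reject counts the stream cannot hold or whose size overflows.
 * Returns a zeroed table, or NULL if n is rejected or allocation fails. */
static objstm_entry *alloc_table_checked(uint32_t n, size_t stream_len)
{
    if (n == 0 || stream_len < 3)
        return NULL;
    /* n pairs such as "1 0 2 5" need at least 4*n - 1 bytes of stream data. */
    if ((size_t)(n - 1) > (stream_len - 3) / 4)
        return NULL;
    /* Explicit overflow check on the byte count before allocating. */
    if ((size_t)n > SIZE_MAX / sizeof(objstm_entry))
        return NULL;
    return calloc(n, sizeof(objstm_entry));
}

int main(void)
{
    uint32_t n = 0x20000001u;   /* constructed count taken from an untrusted file */
    printf("declared objects: %u, 32-bit size: %u bytes\n",
           (unsigned)n, (unsigned)unchecked_table_size(n));

    objstm_entry *t = alloc_table_checked(n, 64);
    printf("checked allocation for a 64-byte stream: %s\n",
           t ? "accepted" : "rejected");
    free(t);

    t = alloc_table_checked(3, 11);   /* "1 0 2 5 3 9" is 11 bytes */
    printf("3 objects in an 11-byte stream: %s\n", t ? "accepted" : "rejected");
    free(t);
    return 0;
}
```

Bounding the declared count by the data actually present catches the malformed file before any arithmetic on it, and the `SIZE_MAX` check keeps the allocation size correct on 32-bit builds.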
Scores
CVSS v3: 7.8
EPSS: 0.0050
EPSS Percentile: 65.8%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-190, CWE-131, CWE-787
Status: published
Products (2):
gonitro/nitro_pro 13.13.2.242
gonitro/nitro_pro 13.16.2.300
Published: Sep 17, 2020
Tracked Since: Feb 18, 2026