Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF


Cory Duplantis and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines. There are two versions of the product: a free version and a paid version called "Pro." The paid version offers several features the free one does not, including the ability to combine multiple PDFs into one file and to redact sensitive information in a file. All of these bugs exist in the Pro version of the software. In accordance with Cisco's vulnerability disclosure policy, we are disclosing these vulnerabilities without a patch from NitroPDF because our 90-day deadline has expired.

Vulnerability details
NitroPDF jpeg2000 ssizDepth remote code execution vulnerability (TALOS-2019-0814/CVE-2019-5045)

A specially crafted JPEG 2000 image embedded in a PDF file can lead to heap corruption when the document is opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. To trigger this vulnerability, the victim would need to open the malicious file.

Read the complete vulnerability advisory here for additional information.
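The advisory above names the Ssiz depth field of the JPEG 2000 SIZ marker but does not disclose where Nitro's decoder goes wrong, and nothing below claims to. As an added example that is not Nitro's or Talos's code, the following C parser shows the checks a decoder needs on a SIZ segment (laid out per ISO/IEC 15444-1 Annex A.5.1) before the per-component depth is allowed to drive a buffer allocation: the declared length must agree with the component count, every Ssiz value must map to a depth of 1..38, sub-sampling factors must be non-zero, and the final byte count must be computed without wrapping. The function names (j2k_parse_siz, j2k_component_bytes) and the sample codestream header are the example's own constructions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example (not Nitro's code): hardened parsing of the JPEG 2000
 * SIZ marker segment, ISO/IEC 15444-1 Annex A.5.1. Field offsets below
 * are relative to Lsiz, the first byte after the 0xFF51 marker. */

#define J2K_SOC             0xFF4F
#define J2K_SIZ             0xFF51
#define J2K_SIZ_FIXED_LEN   38      /* Lsiz through Csiz inclusive */
#define J2K_MAX_COMPONENTS  16384   /* Csiz range is 1..16384 */
#define J2K_MAX_DEPTH       38      /* Ssiz low 7 bits 0..37 -> depth 1..38 */
#define J2K_KEEP_COMPONENTS 4       /* this example stores only the first 4 */

struct j2k_component {
    uint8_t depth;      /* bits per sample, 1..38 */
    uint8_t is_signed;  /* Ssiz bit 7 */
    uint8_t xrsiz;      /* horizontal sub-sampling, 1..255 */
    uint8_t yrsiz;      /* vertical sub-sampling, 1..255 */
};

struct j2k_siz {
    uint32_t xsiz, ysiz, xosiz, yosiz;      /* image grid and origin */
    uint32_t xtsiz, ytsiz, xtosiz, ytosiz;  /* tile size and origin */
    uint16_t csiz;
    struct j2k_component comp[J2K_KEEP_COMPONENTS];
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse SOC + SIZ at the start of a raw codestream. Returns 0 on
 * success and a distinct negative code for each rejected condition. */
int j2k_parse_siz(const uint8_t *buf, size_t len, struct j2k_siz *out)
{
    if (len < 4 + J2K_SIZ_FIXED_LEN) return -1;
    if (rd16(buf) != J2K_SOC || rd16(buf + 2) != J2K_SIZ) return -2;
    const uint8_t *seg = buf + 4;                  /* seg[0..1] is Lsiz */
    uint16_t lsiz = rd16(seg);
    uint16_t csiz = rd16(seg + 36);
    if (csiz == 0 || csiz > J2K_MAX_COMPONENTS) return -3;
    /* Lsiz is fully determined by Csiz; if they disagree, trust neither. */
    if (lsiz != J2K_SIZ_FIXED_LEN + 3u * csiz) return -4;
    if ((size_t)lsiz > len - 4) return -5;         /* segment overruns input */

    memset(out, 0, sizeof *out);
    out->xsiz   = rd32(seg + 4);  out->ysiz   = rd32(seg + 8);
    out->xosiz  = rd32(seg + 12); out->yosiz  = rd32(seg + 16);
    out->xtsiz  = rd32(seg + 20); out->ytsiz  = rd32(seg + 24);
    out->xtosiz = rd32(seg + 28); out->ytosiz = rd32(seg + 32);
    out->csiz   = csiz;
    /* Image and tile geometry constraints from the spec. */
    if (out->xsiz == 0 || out->ysiz == 0) return -6;
    if (out->xosiz >= out->xsiz || out->yosiz >= out->ysiz) return -6;
    if (out->xtsiz == 0 || out->ytsiz == 0) return -7;
    if (out->xtosiz > out->xosiz || out->ytosiz > out->yosiz) return -7;
    if ((uint64_t)out->xtosiz + out->xtsiz <= out->xosiz ||
        (uint64_t)out->ytosiz + out->ytsiz <= out->yosiz) return -7;

    for (uint16_t i = 0; i < csiz; i++) {
        const uint8_t *c = seg + J2K_SIZ_FIXED_LEN + 3 * i;
        uint8_t depth = (uint8_t)((c[0] & 0x7F) + 1);
        if (depth > J2K_MAX_DEPTH) return -8;      /* the Ssiz depth check */
        if (c[1] == 0 || c[2] == 0) return -9;     /* XRsiz/YRsiz must be >= 1 */
        if (i < J2K_KEEP_COMPONENTS) {
            out->comp[i].depth = depth;
            out->comp[i].is_signed = (c[0] & 0x80) != 0;
            out->comp[i].xrsiz = c[1];
            out->comp[i].yrsiz = c[2];
        }
    }
    return 0;
}

static uint64_t ceil_div(uint64_t a, uint64_t b) { return (a + b - 1) / b; }

/* Bytes needed for one component's sample buffer, or 0 if the size does
 * not fit in size_t. Samples are widened to 1, 2 or 4 bytes by depth. */
size_t j2k_component_bytes(const struct j2k_siz *s, unsigned i)
{
    if (i >= s->csiz || i >= J2K_KEEP_COMPONENTS) return 0;
    const struct j2k_component *c = &s->comp[i];
    uint64_t w = ceil_div(s->xsiz, c->xrsiz) - ceil_div(s->xosiz, c->xrsiz);
    uint64_t h = ceil_div(s->ysiz, c->yrsiz) - ceil_div(s->yosiz, c->yrsiz);
    uint64_t bps = c->depth <= 8 ? 1 : c->depth <= 16 ? 2 : 4;
    uint64_t samples = w * h;                      /* w, h < 2^32, so no wrap */
    if (samples > SIZE_MAX / bps) return 0;        /* allocation would wrap */
    return (size_t)(samples * bps);
}

/* Constructed codestream prefix: SOC, then SIZ for a 16x16 two-component
 * 8-bit unsigned image, no sub-sampling, one 16x16 tile. */
const uint8_t good_siz[] = {
    0xFF, 0x4F, 0xFF, 0x51,
    0x00, 0x2C,              /* Lsiz = 38 + 3*2 */
    0x00, 0x00,              /* Rsiz */
    0x00, 0x00, 0x00, 0x10,  /* Xsiz */   0x00, 0x00, 0x00, 0x10,  /* Ysiz */
    0x00, 0x00, 0x00, 0x00,  /* XOsiz */  0x00, 0x00, 0x00, 0x00,  /* YOsiz */
    0x00, 0x00, 0x00, 0x10,  /* XTsiz */  0x00, 0x00, 0x00, 0x10,  /* YTsiz */
    0x00, 0x00, 0x00, 0x00,  /* XTOsiz */ 0x00, 0x00, 0x00, 0x00,  /* YTOsiz */
    0x00, 0x02,              /* Csiz */
    0x07, 0x01, 0x01,        /* comp 0: Ssiz=7 -> 8 bit, XRsiz=YRsiz=1 */
    0x07, 0x01, 0x01,        /* comp 1 */
};
const size_t good_siz_len = sizeof good_siz;

int main(void)
{
    struct j2k_siz s;
    int rc = j2k_parse_siz(good_siz, good_siz_len, &s);
    printf("good header: rc=%d depth=%u bytes=%zu\n",
           rc, s.comp[0].depth, j2k_component_bytes(&s, 0));
    uint8_t bad[sizeof good_siz];
    memcpy(bad, good_siz, sizeof bad);
    bad[42] = 0x7F;  /* comp 0 Ssiz -> depth 128, outside 1..38 */
    printf("depth-128 header: rc=%d\n", j2k_parse_siz(bad, sizeof bad, &s));
    return 0;
}
```

One caveat when applying this to PDF input: a /JPXDecode stream usually carries the JP2 box format, so the raw codestream beginning with the SOC marker sits inside a jp2c box and must be located first; this parser expects the bare codestream. The overflow check at the end matters as much as the depth range check, because a depth that is in range can still combine with a large image grid into a size that wraps on the target platform.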

NitroPDF Page Kids remote code execution vulnerability (TALOS-2019-0819/CVE-2019-5050)

A specially crafted PDF file can lead to heap corruption when opened in Nitr ..
