Vulnerability Description
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gonitro | Nitro Pro | < 13.13.2.242 |
Related Weaknesses (CWE)
References
- https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2020-03-05-fuzzing (Exploit, Third Party Advisory)
- https://nafiez.github.io/security/vulnerability/corruption/fuzzing/2020/03/05/fu (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-10223?
CVE-2020-10223 is a vulnerability with a CVSS score of 8.1 (HIGH). npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.
How severe is CVE-2020-10223?
CVE-2020-10223 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-10223?
Check the references section above for vendor advisories and patch information. Affected products include: Gonitro Nitro Pro.