Vulnerability Description
An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gonitro | Nitro Pro | 13.13.2.242 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1068ExploitThird Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1068ExploitThird Party Advisory
FAQ
What is CVE-2020-6115?
CVE-2020-6115 is a vulnerability with a CVSS score of 7.8 (HIGH). An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed docume...
How severe is CVE-2020-6115?
CVE-2020-6115 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6115?
Check the references section above for vendor advisories and patch information. Affected products include: Gonitro Nitro Pro.