Multiple vulnerabilites in NitroPDF

Published: 2019-10-11 | Updated: 2019-10-11
Severity High
Patch available NO
Number of vulnerabilities 6
CVE ID CVE-2019-5050
CVE-2019-5045
CVE-2019-5046
CVE-2019-5048
CVE-2019-5047
CVE-2019-5053
CWE ID CWE-122
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software NitroPDF Subscribe
Vendor Nitro Software, Inc.

Security Advisory

1) Heap-based buffer overflow

Severity: High

CVSSv3: 8.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-5050

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the "Page", "Kids" objects due to a boundary error when processing PDF files. A remote attacker can send a specially crafted PDF file, when opened by a victim, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NitroPDF: 12.12.1.522

CPE External links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0819

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

Severity: High

CVSSv3: 8.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-5045

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the PDF parsing functionality due to a boundary error when processing jpeg2000 files with an unusually large "ssizDepth" value in "siz" block of the code stream embedded in a PDF file. A remote attacker can send a specially crafted jpeg2000 file, when opened by a victim, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NitroPDF: 12.12.1.522

CPE External links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0814

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

Severity: High

CVSSv3: 8.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-5046

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing jpeg2000 files with an unusually large "xSiz" and "yTsiz". A remote attacker can send a specially crafted jpeg2000 file, when opened by a victim, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NitroPDF: 12.12.1.522

CPE External links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

Severity: High

CVSSv3: 8.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-5048

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the "ICCBased" color space object due to a boundary error when processing PDF files. A remote attacker can send a specially crafted PDF file, when opened by a victim, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NitroPDF: 12.12.1.522

CPE External links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0817

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

Severity: Medium

CVSSv3: 6.9 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-5047

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the "CharProcs" parsing functionality. A remote attacker can send a specially crafted PDF, cause a type confusion, resulting in a Use After Free and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NitroPDF: 12.12.1.522

CPE External links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0816

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

Severity: Medium

CVSSv3: 6.9 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2019-5053

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the Length parsing function. A remote attacker can send a specially crafted PDF and cause a type confusion, resulting in a use-after-free condition.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NitroPDF: 12.12.1.522

CPE External links

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0830

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open an attachment in an e-mail message.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.