SB2020091632 - Multiple vulnerabilities in Nitro Pro
Published: September 16, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2020-6146)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the rendering functionality when drawing the contents of a page and selecting the stroke color from an “ICCBased” colorspace. A remote attacker can trick a victim to load a specially crafted document, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Integer overflow (CVE-ID: CVE-2020-6116)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the rendering functionality. A remote attacker can trick a victim to load a specially crafted document, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Use-after-free (CVE-ID: CVE-2020-6115)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the cross-reference table repairing functionality. A remote attacker can trick a victim to load a specially crafted document, cause a use-after-free condition and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Integer overflow (CVE-ID: CVE-2020-6113)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the object stream parsing functionality when updating its cross-reference table. A remote attacker can trick a victim to open a specially crafted document, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Out-of-bounds write (CVE-ID: CVE-2020-6112)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the JPEG2000 Stripe Decoding functionality when decoding sub-samples. A remote attacker can use a specially crafted image, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1084
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1070
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1068
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1063
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1062