Out-of-bounds write in Nitro Pro

#VU34802 Out-of-bounds write in Nitro Pro

Published: 2020-03-09 | Updated: 2020-08-08

Vulnerability identifier: #VU34802

Vulnerability risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10223

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nitro Pro
Client/Desktop applications / Office applications

Vendor: Nitro Software, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Nitro Pro: 13.2.2.25 - 13.9.1.155

External links
http://github.com/nafiez/nafiez.github.io/blob/master/_posts/2020-03-05-fuzzing-heap-corruption-nitro-pdf-vulnerability.md
http://nafiez.github.io/security/vulnerability/corruption/fuzzing/2020/03/05/fuzzing-heap-corruption-nitro-pdf-vulnerability.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Nitro Pro