CVE-2019-19818 - OpenCVE

The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gonitro	Nitro Free Pdf Reader

Configuration 1 [-]

cpe:2.3:a:gonitro:nitro_free_pdf_reader:12.0.0.112:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md	Exploit Third Party Advisory
https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-16T20:07:23

Updated: 2019-12-16T20:07:23

Reserved: 2019-12-16T00:00:00

Link: CVE-2019-19818

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-12-16T21:15:11.623

Modified: 2019-12-19T17:01:29.977

Link: CVE-2019-19818

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-16T20:07:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19818", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html", "refsource": "MISC", "url": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html"}, {"name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md", "refsource": "MISC", "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19818", "datePublished": "2019-12-16T20:07:23", "dateReserved": "2019-12-16T00:00:00", "dateUpdated": "2019-12-16T20:07:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gonitro:nitro_free_pdf_reader:12.0.0.112:*:*:*:*:*:*:*", "matchCriteriaId": "2CBABA53-CE10-456D-9166-094BF6C5A4F8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content."}, {"lang": "es", "value": "La biblioteca JBIG2Decode en npdf.dll en Nitro Free PDF Reader versi\u00f3n 12.0.0.112, presenta una Lectura Fuera de L\u00edmites de la funci\u00f3n CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a por medio de un contenido Unicode dise\u00f1ado."}], "id": "CVE-2019-19818", "lastModified": "2019-12-19T17:01:29.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-16T21:15:11.623", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}