An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1070 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2020-09-17T12:18:58
Updated: 2020-09-17T12:18:58
Reserved: 2020-01-07T00:00:00
Link: CVE-2020-6116
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-17T13:15:16.273
Modified: 2022-05-12T17:26:06.243
Link: CVE-2020-6116
JSON object: View
Redhat Information
No data.