Every CVE whose affected-product data names Gonitro Nitro Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2020-6146 — CVSS 8.8 (high): An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing…
CVE-2020-6074 — CVSS 8.8 (high): An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a…
CVE-2017-7442 — CVSS 8.8 (high): Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
CVE-2020-10222 — CVSS 8.1 (high): npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document.
CVE-2020-10223 — CVSS 8.1 (high): npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::c…
CVE-2021-21798 — CVSS 7.8 (high): An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted…
CVE-2019-18958 — CVSS 7.8 (high): Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR…
CVE-2020-6115 — CVSS 7.8 (high): An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242…
CVE-2020-6116 — CVSS 7.8 (high): An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When…
CVE-2021-21796 — CVSS 7.8 (high): An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can…
CVE-2021-21797 — CVSS 7.8 (high): An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a…
CVE-2020-6092 — CVSS 7.8 (high): An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can…
CVE-2020-6112 — CVSS 7.8 (high): An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro…
CVE-2020-6113 — CVSS 7.8 (high): An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when…
CVE-2017-7950 — CVSS 5.5 (medium): Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
CVE-2020-6093 — CVSS 5.5 (medium): An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF…
CVE-2018-18689 — CVSS 5.3 (medium): The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate…
CVE-2018-18688 — CVSS 5.3 (medium): The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate…