CVE-2020-6116
17.09.2020, 13:15
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gonitro | nitro_pro | 13.13.2.242 |
| gonitro | nitro_pro | 13.16.2.300 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-680 - Integer Overflow to Buffer OverflowThe product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
- CWE-131 - Incorrect Calculation of Buffer SizeThe software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.