Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
Nitro Software Nitro Pro 输入验证错误漏洞
Vulnerability Description
Nitro Software Nitro Pro是美国Nitro Software公司的一款PDF文档编辑器软件。该软件支持PDF文档编辑、PDF文档格式转换和PDF文档加密等功能。 Nitro Pro 13.13.2.242版本存在输入验证错误漏洞,该漏洞源于处理PDF文档的对象流时,为间接对象列表分配内存。由于计算此大小时出错,会发生整数溢出,从而导致分配的缓冲区过小。攻击者可借助该漏洞导致内存损坏,从而导致代码执行。
CVSS Information
N/A
Vulnerability Type
N/A