CVE-2020-10222 Information
Feb 14, 2021
cve
Description
npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Reference
https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2020-03-05-fuzzing-heap-corruption-nitro-pdf-vulnerability.md https://nafiez.github.io/security/vulnerability/corruption/fuzzing/2020/03/05/fuzzing-heap-corruption-nitro-pdf-vulnerability.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
HIGH
Base Severity
8.1
Share on: