CVE-2019-18958
First published: Thu Nov 21 2019(Updated: )
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gonitro Nitro Pro | <13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Nitro Pro?
The vulnerability ID for Nitro Pro is CVE-2019-18958.
What is the severity of CVE-2019-18958?
The severity of CVE-2019-18958 is high with a score of 7.8.
What software versions are affected by CVE-2019-18958?
Nitro Pro versions up to and exclusive of 13.2 are affected by CVE-2019-18958.
What is the security risk associated with CVE-2019-18958?
The security risk associated with CVE-2019-18958 is the creation of a debug.log file in the directory where a .pdf file is located, which can be edited and executed, posing a risk to the system.
Is there a fix available for CVE-2019-18958?
Yes, upgrading Nitro Pro to version 13.2 or above will fix the vulnerability CVE-2019-18958.
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/gonitro
- canonical/gonitro nitro pro