CVE-2019-5045
First published: Wed Oct 09 2019(Updated: )
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gonitro Nitropdf | =12.12.1.522 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-5045?
CVE-2019-5045 is a vulnerability that can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522.
How can CVE-2019-5045 be exploited?
CVE-2019-5045 can be exploited by opening a specifically crafted jpeg2000 file embedded in a PDF file.
Which version of NitroPDF is affected by CVE-2019-5045?
NitroPDF version 12.12.1.522 is affected by CVE-2019-5045.
What is the severity of CVE-2019-5045?
CVE-2019-5045 has a severity rating of 7.8 (high).
Is there a fix available for CVE-2019-5045?
No specific fix information is available.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/gonitro
- canonical/gonitro nitropdf
- version/gonitro nitropdf/12.12.1.522