CVE-2019-5046
First published: Wed Oct 09 2019(Updated: )
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nitro Pro | =12.12.1.522 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this heap corruption vulnerability?
The vulnerability ID of this heap corruption vulnerability is CVE-2019-5046.
How does this heap corruption vulnerability occur?
This heap corruption vulnerability occurs when opening a PDF document in NitroPDF 12.12.1.522 that contains a specifically crafted jpeg2000 file.
What can the outcome of this vulnerability be?
The outcome of this vulnerability can be arbitrary code execution by carefully manipulating memory.
Which software version is affected by this vulnerability?
The software version affected by this vulnerability is NitroPDF 12.12.1.522.
Is there a fix available for this vulnerability?
It is recommended to update NitroPDF to a patched version to fix this vulnerability.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gonitro
- canonical/nitro pro
- version/nitro pro/12.12.1.522