CVE-2020-6074: Use After Free
First published: Mon May 18 2020(Updated: )
An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gonitro Nitro Pro | =13.9.1.155 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this code execution vulnerability?
The vulnerability ID for this code execution vulnerability is CVE-2020-6074.
What is the affected software?
The affected software is Nitro Pro version 13.9.1.155.
What is the severity of CVE-2020-6074?
The severity of CVE-2020-6074 is high, with a severity value of 8.8.
How can a specially crafted PDF document trigger this vulnerability?
A specially crafted PDF document can cause a use-after-free vulnerability, leading to remote code execution.
Is there a link for more information about this vulnerability?
Yes, you can find more information about this vulnerability at [this link](https://talosintelligence.com/vulnerability_reports/TALOS-2020-0997).
- collector/nvd-index
- vendor/gonitro
- canonical/gonitro nitro pro
- version/gonitro nitro pro/13.9.1.155