CVE-2020-6092: Integer Overflow
First published: Mon May 18 2020(Updated: )
An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gonitro Nitro Pro | =13.9.1.155 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-6092?
The severity of CVE-2020-6092 is high with a severity value of 7.8.
How does CVE-2020-6092 affect Nitro Pro?
CVE-2020-6092 affects Nitro Pro version 13.9.1.155.
What is the vulnerability description of CVE-2020-6092?
CVE-2020-6092 is a code execution vulnerability in Nitro Pro 13.9.1.155 that occurs when parsing Pattern objects in a specially crafted PDF file, potentially leading to arbitrary code execution.
How can CVE-2020-6092 be exploited?
CVE-2020-6092 can be exploited by the victim opening a malicious PDF file.
Is there a fix available for CVE-2020-6092?
It is recommended to update Nitro Pro to version 13.13.2.242 or later to fix CVE-2020-6092.
- collector/nvd-index
- vendor/gonitro
- canonical/gonitro nitro pro
- version/gonitro nitro pro/13.9.1.155