What is CVE-2020-6113?

CVE-2020-6113 is an exploitable vulnerability in Nitro Software Inc's Nitro Pro 13.13.2.242.

What is the severity of CVE-2020-6113?

The severity of CVE-2020-6113 is high with a CVSS score of 7.8.

How does CVE-2020-6113 affect Nitro Pro?

CVE-2020-6113 affects Nitro Pro 13.13.2.242 and 13.16.2.300 versions.

What is the vulnerability in Nitro Pro?

The vulnerability in Nitro Pro involves the object stream parsing functionality when updating the cross-reference table.

Is there a fix for CVE-2020-6113?

Currently, there is no known fix for CVE-2020-6113. It is recommended to update to the latest version of Nitro Pro and follow any security advisories from the software vendor.

Vulnerability/
CVE-2020-6113

high

8.8

CWE

131 190 787

17/9/2020

4/8/2024

CVE-2020-6113: Integer Overflow

First published: Thu Sep 17 2020(Updated: )

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.

Credit: talos-cna@cisco.com

Affected Software	Affected Version	How to fix
Gonitro Nitro Pro	=13.13.2.242
Gonitro Nitro Pro	=13.16.2.300

Never miss a vulnerability like this again

Reference Links

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1063

Frequently Asked Questions

What is CVE-2020-6113?
CVE-2020-6113 is an exploitable vulnerability in Nitro Software Inc's Nitro Pro 13.13.2.242.
What is the severity of CVE-2020-6113?
The severity of CVE-2020-6113 is high with a CVSS score of 7.8.
How does CVE-2020-6113 affect Nitro Pro?
CVE-2020-6113 affects Nitro Pro 13.13.2.242 and 13.16.2.300 versions.
What is the vulnerability in Nitro Pro?
The vulnerability in Nitro Pro involves the object stream parsing functionality when updating the cross-reference table.
Is there a fix for CVE-2020-6113?
Currently, there is no known fix for CVE-2020-6113. It is recommended to update to the latest version of Nitro Pro and follow any security advisories from the software vendor.

collector/nvd-index
agent/severity
agent/weakness
agent/author
agent/references
agent/tags
agent/type
agent/description
agent/event
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/gonitro
canonical/gonitro nitro pro
version/gonitro nitro pro/13.13.2.242
version/gonitro nitro pro/13.16.2.300

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.