GCVE - cpe:2.3:a:n/a:nitro_pro:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:nitro_pro:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Nitro Pro (`c52b952f-42b9-53b7-b283-9079699a05c8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-21798`	vulnerable	2026-06-08 05:29:13.279374	Details available HIGH (8.8) An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability. Published: 2021-09-15T13:19:16.000Z Updated: 2024-08-03T18:23:29.542Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2021-1267	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-21797`	vulnerable	2026-06-08 05:29:13.278997	Details available HIGH (8.8) An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. Published: 2021-10-18T12:45:35.000Z Updated: 2024-08-03T18:23:29.523Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2021-1266	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-21796`	vulnerable	2026-06-08 05:29:13.277093	Details available HIGH (8.8) An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. Published: 2021-10-18T12:42:51.000Z Updated: 2024-08-03T18:23:29.537Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2021-1265	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6146`	vulnerable	2026-06-08 05:26:44.601138	Details available HIGH (8.8) An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. Published: 2020-09-16T18:48:51.000Z Updated: 2024-08-04T08:55:21.961Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1084	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6116`	vulnerable	2026-06-08 05:26:44.573437	Details available HIGH (8.8) An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. Published: 2020-09-17T12:18:58.000Z Updated: 2024-08-04T08:47:41.014Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2020-1070	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6115`	vulnerable	2026-06-08 05:26:44.572896	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6113`	vulnerable	2026-06-08 05:26:44.569640	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6112`	vulnerable	2026-06-08 05:26:44.567518	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6093`	vulnerable	2026-06-08 05:26:44.528432	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6092`	vulnerable	2026-06-08 05:26:44.527978	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6074`	vulnerable	2026-06-08 05:26:44.496846	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.