CVE-2020-6113

Published: Sep 17, 2020Updated: Nov 21, 2024 Sources: CVE List NVDCWE-190

7.8HIGH

NVD MITRE

Description

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.

No summary for this CVE yet.

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

CWE-190 CWE-131 CWE-787

Affected Products

Nitro Pro n/a

nitro pro gonitro

Mixed

Consumer Software / productivity

gonitrocommercialConsumer Softwareaka nitro pro, nitropdf, nitro pdf pro

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

No detection template yetWe can run the check for you — a free external exposure review, no install. Check my exposure

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

MITRE ATT&CK

2 techniques

Initial Access

Privilege Escalation

View detailed technique mapping

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1063

talosintelligence.com

Timeline

Published

Sep 17, 2020

Last Updated

Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2020-6113 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows