CVE-2020-6093

Summary

An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file.

Affected Software

VendorProductVersion RangeStatus
n/aNitro ProNitro Pro 13.9.1.155affected

Weaknesses

  • CWE-824: CWE-824: Access of Uninitialized Pointer

ADP Enrichment

CVE Program Container

Additional References

References