CVE-2020-6115 : What You Need to Know

Learn about CVE-2020-6115, a high-severity vulnerability in Nitro Pro 13.13.2.242 that allows attackers to trigger a use-after-free condition via a specially crafted document. Find mitigation steps and best practices for prevention.

An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. A specially crafted document can trigger a use-after-free condition.

Understanding CVE-2020-6115

This CVE involves a vulnerability in Nitro Pro that can be exploited through a malicious document.

What is CVE-2020-6115?

The vulnerability in Nitro Pro allows an attacker to trigger a use-after-free condition by manipulating the cross-reference table repairing functionality.

The Impact of CVE-2020-6115

The vulnerability has a CVSS base score of 8.8, indicating a high severity level. It can lead to memory access issues and potentially allow an attacker to execute arbitrary code.

Technical Details of CVE-2020-6115

This section provides more in-depth technical information about the vulnerability.

Vulnerability Description

The issue arises when the application saves a reference to an object's cross-reference table entry inside a stack variable. Once the table has been freed, using that saved reference accesses memory belonging to the recently freed table, which is the use-after-free condition.
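The pattern described above, as an added illustration that is not Nitro Pro's code: a constructed, simplified xref table whose repair step rebuilds the entries in a new allocation and frees the old one, with the stale-pointer lookup shown beside a form that keeps the object number and resolves it again after repair. All type and function names here are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified xref table; constructed for illustration. */
typedef struct { long offset; } xref_entry;
typedef struct { xref_entry *entries; size_t count; } xref_table;

/* "Repair": rebuild the entries in a new allocation, then free the old one. */
static int xref_repair(xref_table *t, size_t new_count) {
    xref_entry *fresh = calloc(new_count ? new_count : 1, sizeof *fresh);
    if (!fresh) return -1;
    for (size_t i = 0; i < new_count; i++) fresh[i].offset = 100 + (long)i;
    free(t->entries);   /* pointers into the old array now dangle */
    t->entries = fresh;
    t->count = new_count;
    return 0;
}

/* VULNERABLE: entry pointer held in a stack variable across the repair. */
long offset_stale(xref_table *t, size_t obj, size_t new_count) {
    xref_entry *e = &t->entries[obj];  /* saved reference */
    xref_repair(t, new_count);         /* frees the array e points into */
    return e->offset;                  /* use-after-free read */
}

/* Hardened: keep the object number and resolve it again after repair. */
int offset_safe(xref_table *t, size_t obj, size_t new_count, long *out) {
    if (xref_repair(t, new_count) != 0) return -1;
    if (obj >= t->count) return -1;    /* table may have shrunk */
    *out = t->entries[obj].offset;     /* lookup in the live allocation */
    return 0;
}

/* Builds a 4-entry table, repairs it to new_count, returns offset or -1. */
long demo_safe(size_t obj, size_t new_count) {
    xref_table t = { calloc(4, sizeof(xref_entry)), 4 };
    long off = -1;
    if (!t.entries) return -1;
    if (offset_safe(&t, obj, new_count, &off) != 0) off = -1;
    free(t.entries);
    return off;
}

int main(void) {
    printf("%ld %ld\n", demo_safe(2, 4), demo_safe(3, 2));
    return 0;
}
```

Building `offset_stale` into a harness compiled with AddressSanitizer reports the read as a heap-use-after-free, which is how this bug class is usually caught in testing.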

Affected Systems and Versions

        Product: Nitro Pro
        Versions: Nitro Pro 13.13.2.242, Nitro Pro 13.16.2.300

Exploitation Mechanism

A specially crafted document can be delivered by an attacker and loaded by a victim to exploit this vulnerability.

Mitigation and Prevention

To address CVE-2020-6115, follow these mitigation strategies:

Immediate Steps to Take

        Update Nitro Pro to the latest version to patch the vulnerability.
        Avoid opening documents from untrusted or unknown sources.

Long-Term Security Practices

        Regularly update software and security patches.
        Educate users on safe document handling practices.

Patching and Updates

Ensure that Nitro Pro is regularly updated to the latest version to mitigate the risk of exploitation.
