FortiClient VulnerabilityNitro Pro CVE-2020-6112 Use of Out-of-range Pointer Offset Vulnerability
Description
An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability.
Affected Applications
Nitro Pro
CVE References
CVE-2020-6112Other References
https://www.gonitro.com/security/updates| ID | 71082 |
| Created | Feb 15, 2022 |
| Description Updated |
Dec 15, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Nitro |
| Patch | manual |
| Application | Nitro Pro |