virus logo FortiClient Vulnerability

Nitro Pro CVE-2021-21798 Return of Stack Variable Address Vulnerability

description-logoDescription

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.

affected-products-logoAffected Applications

Nitro Pro

CVE References

CVE-2021-21798

Other References

https://www.gonitro.com/security/updates
ID 71085
Created Feb 15, 2022
Description
Updated		 Dec 15, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Nitro
Patch manual
Application Nitro Pro