An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.

Published : 2019-10-09 21:15 Updated : 2019-10-11 14:08

CVSS Score
Score 6.8 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Gonitro | Nitropdf | | cpe:/a:gonitro:nitropdf: |


| ID | Name | Description |
|---|---|---|
| CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |

History of changes

Date Event
2019-10-11 14:08
2019-10-09 21:15