CVE-2020-6113: Integer Overflow

Published Sep 17, 2020
·
Updated

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.

Affected Software

2 affected components
Gonitro Nitro Pro=13.13.2.242
Gonitro Nitro Pro=13.16.2.300

Event History

Sep 17, 2020
CVE Published
via MITRE·12:23 PM
Data Sourced
via MITRE·12:23 PM
DescriptionSeverityWeakness
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2020-6113?

CVE-2020-6113 is an exploitable vulnerability in Nitro Software Inc's Nitro Pro 13.13.2.242.

2

What is the severity of CVE-2020-6113?

The severity of CVE-2020-6113 is high with a CVSS score of 7.8.

3

How does CVE-2020-6113 affect Nitro Pro?

CVE-2020-6113 affects Nitro Pro 13.13.2.242 and 13.16.2.300 versions.

4

What is the vulnerability in Nitro Pro?

The vulnerability in Nitro Pro involves the object stream parsing functionality when updating the cross-reference table.

5

Is there a fix for CVE-2020-6113?

Currently, there is no known fix for CVE-2020-6113. It is recommended to update to the latest version of Nitro Pro and follow any security advisories from the software vendor.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203