CVE-2020-6146

EPSS 0.50% · P66 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-6146

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

堆缓冲区溢出

Source: NVD (National Vulnerability Database)

Vulnerability Title

Nitro Software Nitro Pro 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Nitro Software Nitro Pro是美国Nitro Software公司的一款PDF文档编辑器软件。该软件支持PDF文档编辑、PDF文档格式转换和PDF文档加密等功能。 Nitro Pro 13.13.2.242，13.16.2.300版本中存在安全漏洞。该漏洞允许攻击者加载特制的文档，从而导致基于堆的缓冲区溢出。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Nitro Pro	Nitro Pro 13.13.2.242, Nitro Pro 13.16.2.300	-

II. Public POCs for CVE-2020-6146

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-6146

请登录查看更多情报信息。

Same Patch Batch · n/a · 2020-09-16 · 49 CVEs total

CVE-2020-7733	7.5 HIGH	Regular Expression Denial of Service (ReDoS)
CVE-2020-10715		Red Hat OpenShift web console 输入验证错误漏洞
CVE-2020-14519		Wibu CodeMeter WebSockets API 访问控制错误漏洞
CVE-2020-20406		Elementor Page Builder 跨站脚本漏洞
CVE-2020-24374		Freebox HD 输入验证错误漏洞
CVE-2020-24373		Freebox server 跨站请求伪造漏洞
CVE-2020-24376		Freebox HD 输入验证错误漏洞
CVE-2020-24377		Freebox OS Web interface 输入验证错误漏洞
CVE-2020-16233		CodeMeter 安全漏洞
CVE-2020-10718		Red Hat Wildfly 安全漏洞
CVE-2020-1694		Red Hat Keycloak 安全漏洞
CVE-2020-14509		wibu CodeMeter 安全漏洞
CVE-2020-10748		Red Hat Keycloak 跨站脚本漏洞
CVE-2020-25040		Singularity 安全漏洞
CVE-2020-14348		Red Hat AMQ 代码问题漏洞
CVE-2020-25039		Microsoft Research Singularity 安全漏洞
CVE-2020-13928		Apache Atlas 跨站脚本漏洞
CVE-2020-25015		Genexis Platinum 跨站请求伪造漏洞
CVE-2020-3990		VMware Workstation 输入验证错误漏洞
CVE-2020-3989		VMware Workstation 缓冲区错误漏洞

Showing top 20 of 49 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Nitro Pro

Same vendor: n/a

Same weakness: CWE-122

V. Comments for CVE-2020-6146

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-6146

I. Basic Information for CVE-2020-6146

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-6146

III. Intelligence Information for CVE-2020-6146

Same Patch Batch · n/a · 2020-09-16 · 49 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-6146

Leave a comment