CVE-2021-21798
Published: 15 September 2021
Summary
CVE-2021-21798 is a high-severity Return of Stack Variable Address (CWE-562) vulnerability in Gonitro Nitro Pro. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 1.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-8970
Vulnerability details
An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This…
more
can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.