How severe is CVE-2020-6146?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-6146?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2020-6146 - HIGH Severity | CVSS 8.8

Vulnerability Description

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.

Related Vulnerabilities

CVE-2015-6457

HIGH

CVSS:8.8(High)

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.

CWE-1222015

CVE-2016-9580

HIGH

CVSS:8.8(High)

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

CWE-1222016

CVE-2016-9581

HIGH

CVSS:8.8(High)

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

CWE-1222016

CVE-2017-12704

HIGH

CVSS:8.8(High)

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validatio...

CWE-1222017

CVE-2017-13090

HIGH

CVSS:8.8(High)

The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but does...

CWE-1222017

CVE-2017-6037

HIGH

CVSS:8.8(High)

A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run ...

CWE-1222017