Nitro PDF Pro before 14.43 for Windows contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. For example, 14.41.1.4 and 14.42.0.34 have been reported as vulnerable.

Project Subscriptions

Vendors Products
Gonitro Subscribe
Nitro Pdf Pro Subscribe
Microsoft Subscribe
Windows Subscribe
Pdf Pro Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 11 Jul 2026 04:00:00 +0000

Type Values Removed Values Added
Title NULL Pointer Dereference in Nitro PDF Pro JavaScript Engine Leading to Crash

Thu, 09 Jul 2026 15:45:00 +0000

Type Values Removed Values Added
Title NULL Pointer Dereference in Nitro PDF Pro JavaScript Engine Leading to Crash

Thu, 09 Jul 2026 03:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Null Pointer Dereference in Nitro PDF Pro's app.alert()

Wed, 08 Jul 2026 09:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Null Pointer Dereference in Nitro PDF Pro's app.alert()

Mon, 06 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Title Null Pointer Dereference in Nitro PDF Pro JavaScript Leading to Crash

Sun, 05 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
Description Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. Nitro PDF Pro before 14.43 for Windows contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF. For example, 14.41.1.4 and 14.42.0.34 have been reported as vulnerable.
References

Thu, 23 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Gonitro
Gonitro nitro Pdf Pro
Microsoft
Microsoft windows
CPEs cpe:2.3:a:gonitro:nitro_pdf_pro:14.41.1.4:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Gonitro
Gonitro nitro Pdf Pro
Microsoft
Microsoft windows

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Null Pointer Dereference in Nitro PDF Pro JavaScript Leading to Crash

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Nitro
Nitro pdf Pro
Vendors & Products Nitro
Nitro pdf Pro

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF.
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-05T12:45:06.398Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69624

cve-icon Vulnrichment

Updated: 2026-04-13T19:01:35.434Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T16:16:24.740

Modified: 2026-06-17T10:00:46.970

Link: CVE-2025-69624

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-11T03:45:16Z

Weaknesses