Description
Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF.
Published: 2026-04-13
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via crash
Action: Apply patch
AI Analysis

Impact

The vulnerability is a NULL pointer dereference within the JavaScript engine of Nitro PDF Pro for Windows. When app.alert() receives a null value as its first argument, the code incorrectly processes it, leading the engine to call js_ValueToString() on a null reference. The resulting invalid string pointer is then passed to JS_GetStringChars() without validation, causing an access violation that terminates the application. This crash results in a denial of service that can be triggered by a specially crafted PDF file. The weakness is CWE‑476 and results in a local application failure.

Affected Systems

Nitro PDF Pro for Windows, version 14.41.1.4 is affected. Users of this version are vulnerable when they open a malicious PDF that exploits the faulty app.alert() routine. No other products or versions are mentioned in the advisory.

Risk and Exploitability

The CVSS base score of 7.5 indicates a high impact vulnerability that can be abused without authentication. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, implying it may not yet be actively exploited. The most likely attack vector is local file execution; an attacker can craft a PDF that triggers the crash when opened by a user. Mitigation requires applying a vendor update or restricting access to untrusted PDFs until a patch is available.

Generated by OpenCVE AI on April 13, 2026 at 20:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Nitro PDF Pro release from the vendor’s official website.
  • Verify that the installed version is newer than 14.41.1.4 to ensure the bug is fixed.
  • If a patch is not yet available, avoid opening PDFs from untrusted or unknown sources.
  • Configure system or network controls to limit users’ ability to run unapproved PDF files.

Generated by OpenCVE AI on April 13, 2026 at 20:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
http://nitro.com cve-icon cve-icon
History

Thu, 23 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Gonitro
Gonitro nitro Pdf Pro
Microsoft
Microsoft windows
CPEs cpe:2.3:a:gonitro:nitro_pdf_pro:14.41.1.4:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Gonitro
Gonitro nitro Pdf Pro
Microsoft
Microsoft windows

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Null Pointer Dereference in Nitro PDF Pro JavaScript Leading to Crash

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Nitro
Nitro pdf Pro
Vendors & Products Nitro
Nitro pdf Pro

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is null), the engine routes the call through a fallback path intended for non-string arguments. In this path, js_ValueToString() is invoked on the null value and returns an invalid string pointer, which is then passed to JS_GetStringChars() without validation. Dereferencing this pointer leads to an access violation and application crash when opening a crafted PDF.
References

Subscriptions

Gonitro Nitro Pdf Pro
Microsoft Windows
Nitro Pdf Pro
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T19:01:40.478Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69624

cve-icon Vulnrichment

Updated: 2026-04-13T19:01:35.434Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T16:16:24.740

Modified: 2026-04-23T16:51:04.303

Link: CVE-2025-69624

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:35:50Z

Weaknesses