Description
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes.
Published: 2026-04-13
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via application crash
Action: Patch
AI Analysis

Impact

Nitro PDF Pro for Windows contains a heap use‑after‑free bug in the JavaScript method this.mailDoc(). An XID object is created, freed prematurely, yet its pointer is still used in UI and logging functions. If the freed memory holds attacker‑controlled or corrupted data, operations such as string comparisons can dereference the stale pointer, leading to access violations and a crash. The primary consequence is a denial of service, as a maliciously crafted PDF can force the application to terminate unpredictably.

Affected Systems

The vulnerability affects Nitro PDF Pro for Windows version 14.41.1.4. No earlier or later versions are listed. Users running this exact build should consider the system at risk. No other products or platforms are noted in the advisory.

Risk and Exploitability

The CVSS score of 8.4 classifies the flaw as high severity. The EPSS score of less than 1% indicates the likelihood of exploitation remains low, and the vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector is a maliciously crafted PDF file that contains JavaScript targeting the this.mailDoc() method. An attacker would need a user to open the PDF, which could occur through phishing or social engineering. Until mitigated, the exposed system may experience spontaneous application crashes, potentially disrupting business processes.

Generated by OpenCVE AI on April 14, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Nitro’s website for the latest update and install the patch if available.
  • Verify that your installed version is not 14.41.1.4.
  • Avoid opening PDF files from untrusted or unknown sources until a patch is applied.
  • Monitor crash logs for signs of exploitation attempts.

Generated by OpenCVE AI on April 14, 2026 at 20:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Gonitro
Gonitro nitro Pdf Pro
Microsoft
Microsoft windows
CPEs cpe:2.3:a:gonitro:nitro_pdf_pro:14.41.1.4:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Gonitro
Gonitro nitro Pdf Pro
Microsoft
Microsoft windows

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in this.mailDoc() Leads to Crash in Nitro PDF Pro

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in this.mailDoc() Leads to Crash in Nitro PDF Pro
Weaknesses CWE-416

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Nitro
Nitro pdf Pro
Vendors & Products Nitro
Nitro pdf Pro

Mon, 13 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may process invalid or stale pointers. This can result in access violations and non-deterministic crashes.
References

Subscriptions

Gonitro Nitro Pdf Pro
Microsoft Windows
Nitro Pdf Pro
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T16:30:15.973Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69627

cve-icon Vulnrichment

Updated: 2026-04-14T15:40:19.774Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T16:16:24.867

Modified: 2026-04-23T13:33:42.983

Link: CVE-2025-69627

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses