
Cloud Vulnerability DB
A community-led vulnerabilities database
An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF, identified as CVE-2021-21798. The vulnerability was discovered and disclosed on September 13, 2021. The affected versions include Nitro Pro 13.31.0.605 and 13.33.2.645. A specially crafted document can trigger this vulnerability when opened by a user, causing a stack variable to go out of scope and resulting in the application dereferencing a stale pointer (Talos Blog, NVD).
The vulnerability occurs in the JavaScript implementation of Nitro Pro PDF's document.flattenPages functionality. When a specially crafted document triggers the vulnerability, it causes a stack variable to go out of scope while still being stored within the JSContext. This happens because the implementation of the JSNative 'Document.flattenPages' binding raises a C++ exception, skipping over the code that would normally restore the JSContext.fp field. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).
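The following is an added illustration of the bug class described above, not code from Nitro Pro or from the Talos report. It shows a manually restored frame pointer that an exception skips, next to an RAII guard that restores it on every exit path. All type and function names (Context, Frame, FrameGuard, flatten, native_manual, native_guarded, run) are hypothetical stand-ins.

```cpp
#include <cstdio>
#include <stdexcept>

// Hypothetical stand-ins for the engine's types; all names are assumptions.
struct Frame;
struct Context {
    Frame* fp = nullptr;   // current frame, playing the role of JSContext.fp
    int stale_frames = 0;  // frames destroyed while fp still pointed at them
};
struct Frame {
    Context& cx;
    explicit Frame(Context& c) : cx(c) {}
    // Runs on every scope exit, including exception unwinding.
    ~Frame() { if (cx.fp == this) ++cx.stale_frames; }
};
// RAII guard: restores the saved frame pointer on every exit path.
struct FrameGuard {
    Context& cx;
    Frame* saved;
    FrameGuard(Context& c, Frame* f) : cx(c), saved(c.fp) { cx.fp = f; }
    ~FrameGuard() { cx.fp = saved; }
};
void flatten(bool bad_input) {  // constructed failure path
    if (bad_input) throw std::runtime_error("flatten failed");
}
// Pattern from the advisory: the manual restore is skipped by a throw.
void native_manual(Context& cx, bool bad_input) {
    Frame frame(cx);
    Frame* saved = cx.fp;
    cx.fp = &frame;
    flatten(bad_input);
    cx.fp = saved;  // not reached when flatten() throws
}
// Hardened form: guard is destroyed before `frame`, so fp is restored first.
void native_guarded(Context& cx, bool bad_input) {
    Frame frame(cx);
    FrameGuard guard(cx, &frame);
    flatten(bad_input);
}
// Returns how many stale frame pointers the call left in the context.
int run(void (*native)(Context&, bool), bool bad_input) {
    Context cx;
    try { native(cx, bad_input); } catch (const std::exception&) {}
    return cx.stale_frames;
}
int main() {
    std::printf("manual=%d guarded=%d\n", run(native_manual, true), run(native_guarded, true));
    return 0;
}
```

The stale pointer is detected in the frame's destructor and never dereferenced, so the demonstration itself stays within defined behaviour.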
If successfully exploited, this vulnerability can lead to code execution under the context of the application. The impact is significant as it allows for complete compromise of the application's security context, potentially enabling an attacker to execute arbitrary code with the same privileges as the Nitro Pro PDF application (Talos Blog).
Users are advised to update to the latest version of Nitro Pro PDF. Additionally, the vulnerability can be mitigated by disabling JavaScript in the software's settings. The vendor has worked with Cisco Talos to ensure these issues are resolved and updates are available for affected customers (Talos Blog).
Source: This report was generated using AI