PatchSiren cyber security CVE debrief
CVE-2016-8713 Gonitro CVE debrief
CVE-2016-8713 is a high-severity PDF parsing memory corruption issue in Nitro Pro. The supplied record says a specially crafted PDF can trigger an out-of-bounds write, leading to potential memory corruption. Because the attack path involves opening or processing a malicious PDF, the main risk is to users and environments that routinely handle untrusted documents.
- Vendor: Gonitro
- Product: CVE-2016-8713
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-10
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-10
- Advisory updated: 2026-05-13
Who should care
Organizations using Nitro Pro on endpoints, especially teams that open externally supplied PDFs, process documents from email or web downloads, or rely on PDF parsing workflows in user-facing desktop environments.
Technical summary
The NVD record maps this issue to CWE-787 (out-of-bounds write) and gives a CVSS 3.1 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is described as a remote memory corruption issue in Nitro Pro PDF parsing, with crafted PDF content able to trigger corruption when the file is handled by the application. The supplied corpus also contains a version-reference mismatch: the narrative references Nitro Pro 10.5.9.9, while the NVD CPE entry lists Nitro PDF Pro 10.5.5.9 as vulnerable. Treat the product/version scope carefully and confirm affected builds against the vendor or advisory references.
Defensive priority
High. The issue is user-triggered, but the potential impact includes confidentiality, integrity, and availability consequences, so it warrants prompt remediation on any exposed Nitro Pro deployments.
Recommended defensive actions
- Identify all Nitro Pro deployments and confirm the exact affected build(s) against vendor or advisory guidance.
- Apply the vendor fix or move to a supported, patched Nitro Pro release if available.
- Restrict handling of untrusted PDFs on high-value systems until remediation is complete.
- Use email/web attachment filtering and sandboxing for inbound documents where possible.
- Monitor for crashes or anomalous behavior in PDF parsing workflows as a sign of attempted exploitation or instability.
Evidence notes
Source evidence comes from the NVD record and its linked Talos/third-party references. The NVD metadata states the weakness as CWE-787 and includes a CVSS 3.1 vector requiring user interaction. The record description says a specially crafted PDF can cause memory corruption in Nitro Pro PDF parsing. The corpus does not provide a fixed version, and it contains a version discrepancy between the prose description and the NVD CPE entry.
Official resources
- CVE-2016-8713 CVE record (CVE.org)
- CVE-2016-8713 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Technical Description, Third Party Advisory, VDB Entry
CVE published: 2017-02-10T17:59:00.230Z. NVD modified: 2026-05-13T00:24:29.033Z. The supplied corpus does not include a CVE embargo date or a vendor patch-release date.