{"id":3683,"date":"2017-09-06T01:52:00","date_gmt":"2017-09-05T23:52:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=3683"},"modified":"2024-10-05T23:26:02","modified_gmt":"2024-10-05T21:26:02","slug":"6-year-old-loop-bug-in-many-pdf-viewers","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/09\/06\/6-year-old-loop-bug-in-many-pdf-viewers\/","title":{"rendered":"6 year old loop bug in many PDF viewers"},"content":{"rendered":"

[German<\/a>]In 2011 an obscure bug was found in a PDF parsing library. Six years later, this bug is still contained in the top PDF programs currently in use. <\/p>\n

<\/p>\n

This has been reported by Hanno B\u00f6ck in his blog article Six year old PDF loop bug affects most major implementations<\/a>. B\u00f6ck had recently investigated the library qpdf contained in many PDF packages with afl and libfuzzer. Opening a special prepared PDF file causes a high CPU load and a memory error occurs after several minutes. The PDF parser seems to be in an endless loop. <\/p>\n

\"\"B\u00f6ck refers to a presentation by CCCfrom 2011<\/a>, where such a bug has already been reported. The problem was fixed at the time, but it seems that vendors of PDF readers are not aware of this issue. The qpdf problem in the above analysis is the same as reported here<\/a> (a test file can be found here<\/a>). <\/p>\n

B\u00f6ck writes that the Github Javascript PDF viewer is also affected. The PDF viewer in Mozilla Firefox? Affected<\/a>, because they use pdf. js – like Github. Google Chrome \/ Chromium, which use the PDFium library, is also affected.  Ghostscript is as affected as other PDF parsers<\/a>. Only the Adobe Reader and Apple's internet OS X PDF Viewer are not affected. B\u00f6ck schreibt, dass der Github Javascript PDF-Viewer auch betroffen sei.  (via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]In 2011 an obscure bug was found in a PDF parsing library. Six years later, this bug is still contained in the top PDF programs currently in use.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22],"tags":[1021,69],"class_list":["post-3683","post","type-post","status-publish","format-standard","hentry","category-security","category-update","tag-pdf-reader","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=3683"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3683\/revisions"}],"predecessor-version":[{"id":36111,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3683\/revisions\/36111"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=3683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=3683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=3683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}