[
https://issues.apache.org/jira/browse/PDFBOX-5026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17238621#comment-17238621
]
Michael Klink commented on PDFBOX-5026:
---------------------------------------
Ah, I see, [~tilman] already there correctly analyzed the file in that issue
back in 2018.
Hhmmm, usually Aspose does not cause such issues. So it _might_ be manipulated
by some other software. But Aspose software has bugs, too, so the file just
_might_ be produced by them as is.
----
Nonetheless, there is a certain tendency in PDFBox development to try and
emulate Adobe Reader as it loads and fixes defect PDFs under the hood. So it's
not unlikely that they will use your PR.
I merely want to warn that such under-the-hood fixes are great attack vectors
for Shadow-Attack-like forgery. But at least you proposed those fixes only in
case of {{isLenient()}}...
> Trailer validation fails when Pages cannot be found in the current trailer
> --------------------------------------------------------------------------
>
> Key: PDFBOX-5026
> URL: https://issues.apache.org/jira/browse/PDFBOX-5026
> Project: PDFBox
> Issue Type: Bug
> Affects Versions: 2.0.21
> Reporter: Cody Wayne Holmes
> Priority: Major
> Attachments: issue9418.pdf
>
>
> I am seeing an issue where multiple trailers exist for a PDF, but the trailer
> that is being found does not contain a Pages object in the Root.
> The PDF does have a trailer that can be read with Pages in the root but the
> brute force approach needs to be taken when parsing is lenient.
> This issue can be seen as being resolved in pdf.js here
> [https://github.com/mozilla/pdf.js/commit/56e3648b656bed1bf4ff52aa3cd70e8a8e53b56f]
> And sample pdf:
> https://github.com/mozilla/pdf.js/blob/master/test/pdfs/issue9418.pdf
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
