On 2015-04-02, Eric Furman <ericfur...@fastmail.net> wrote: > I sometimes have to deal with PDF files (ugh) and all > I need is the ability to view and print them, nothing > fancy. With security in mind I would like to get opinions > on the best one to use.
So outside of Adobe's software there are a couple of different codebases for rendering PDFs. xpdf-derived (including Poppler), mupdf, iText (java one, mostly used in pdf manipulation programs), ghostscript. For open-source viewers, most are based on either poppler or mupdf. I'm not sure whether the in-browser renderers are based on these or something else, and likewise I don't know what code is used by printers that have direct pdf print support. Historically the xpdf/poppler code has shown up quite a few security-related bugs. mupdf has seen fewer but it's less widely used so may not have seen so much effort spent trying to break it. mupdf has a library, used by its own viewer and some other pdf viewers, e.g. zathura has it as an option. (I normally use mupdf's own viewer and if I didn't I would normally try to use something using that library unless I ran into some incompatibility). I haven't noticed any of the different viewers having any particular security-related features so within a particular library, I don't think there's a big reason to choose one viewer over another at the moment. Given the sort of data they're handling, it would be really nice if viewers had sandboxing for the parser/renderer...
