Hi

This will be of interest to anyone testing PoDoFo or reviewing submitted 
patches. It’s an analysis of 122 PDF CVEs found across a number of PDF products 
presented at the Blackhat Security conference in March 2017. Products with most 
CVEs found:

88 - Acrobat
15 - Foxit
8 - Adobe Digital Editions
5 - Chrome
3 - Apple Preview
3 - Windows PDF Library

https://www.blackhat.com/docs/asia-17/materials/asia-17-Liu-Dig-Into-The-Attack-Surface-Of-PDF-And-Gain-100-CVEs-In-1-Year.pdf

The slides have links to the PDF CVE test repositories maintained by Google and 
Mozilla (these are useful for testing PoDoFo)
https://pdfium.googlesource.com/pdfium_tests/
https://github.com/mozilla/pdf.js/tree/master/test/pdfs

And an analysis of the PDF modules most affected by CVEs:

34 – PDF Convertor
24 – JPEG 2000
24 – XFA
21 – Rendering
12 – Fonts
4 – Others
3 – JPEG (raw)

Does PoDoFo support JPEG 2000 or XFA?

Best Regards
Mark

--
Mark Rogers - mark.rog...@powermapper.com
PowerMapper Software Ltd - www.powermapper.com
Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL

_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users