>podofopdfinfo /var/tmp/Invoice\ -\ NF22394519.pdf >Error: An error 8 ocurred during uncompressing the pdf file.
This is the list for poppler, not podofo. poppler's pdfinfo can read the file without a problem, and poppler-based tools and ghostscript can both read the file, so the error might be something wrong with podofo. podofoinfo 0.9.1 on my Fedora 25 laptop gets the same error (even on the same line numbers). I don't know if encrypting the pdf that way is legitimate, but if you are using podofopdfinfo or any other tool to scan PDFs and a given PDF crashes the tool, it is probably best to consider the PDF malicious. The PDF that you sent is editable, and if you search for /URI, the links are not in ascii/iso/utf8. That could be a sign that they are malicious and someone wanted to make them harder to scan. Regards, William ________________________________ From: poppler <[email protected]> on behalf of Alex <[email protected]> Sent: Wednesday, September 13, 2017 6:20 PM To: [email protected] Subject: [poppler] Encrypted malicious PDFs fails Hi, I have a malicious PDF that fails to be detected properly apparently because it's encrypted in some way: # podofopdfinfo /var/tmp/Invoice\ -\ NF22394519.pdf Error: An error 8 ocurred during uncompressing the pdf file. PoDoFo encounter an error. Error: 8 ePdfError_InternalLogic Error Description: An internal error occurred. Callstack: #0 Error Source: /builddir/build/BUILD/podofo-0.9.1/src/base/PdfParser.cpp:209 Information: Unable to load objects from file. #1 Error Source: /builddir/build/BUILD/podofo-0.9.1/src/base/PdfParserObject.cpp:377 Information: Unable to parse the stream for object 30 0 obj . #2 Error Source: /builddir/build/BUILD/podofo-0.9.1/src/base/PdfEncrypt.cpp:1137 Information: CreateEncryptionInputStream does not yet support AES Would someone be interested in investigating this? Am I missing something to properly detect and manage these? https://www.dropbox.com/s/8bqkp5okojma83b/Invoice%20-%20NF22394519.pdf?dl=0 Is there a legitimate reason to encrypt a PDF in this way? In other words, I can still see the contents and click on the malicious link, but apparently not view the meta information about it... _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler poppler Info Page - freedesktop.org<https://lists.freedesktop.org/mailman/listinfo/poppler> lists.freedesktop.org Subscribing to poppler: Subscribe to poppler by filling out the following form. Use of all freedesktop.org lists is subject to our Code of ...
_______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
