PDF Security Vulnerabilities
The cluster focuses on discussions about the inherent security risks of PDF files, including JavaScript execution, exploits in PDF renderers like Adobe Reader, and comparisons of safer alternatives such as browser viewers or Preview.
Activity Over Time
Top Contributors
Keywords
Sample Comments
You know that PDFs aren't unsafe, right?
Could you elaborate are you referring to a specific PDF vulnerability? Could you share a link to it? Thanks.
Don't count on PDF being enough. That monstrosity of a format can now contain JavaScript and elements that phone home / authorize a render / download decryption keys etc...
PDF has quite the attack surface. It supports Javascript, 3D models, JBIG2 compression that turns 8's into 6's and all sorts of strange things.
This is horrifying, PDFs should not be able to execute code.
why??? for what possible secure white hat reason could you want to run js in pdfs??!? is nobody sane running the pdf org?
PDF renderers have been historically insecure due to the PDF format being a complete mess
Think about how much worse PDF exploits would be if they did!
Is the PDF format itself broken, or just the awful Adobe Reader? There are dozens of PDF reader implementations, including all the major browsers. I cannot imagine they are all exploitable in the same way.
The vulnerability is in Adobe Reader. PDF is a file format and there are other readers.