[poppler] Encrypted malicious PDFs fails
Alex
mysqlstudent at gmail.com
Wed Sep 13 22:20:42 UTC 2017
Hi,
I have a malicious PDF that fails to be detected properly apparently
because it's encrypted in some way:
# podofopdfinfo /var/tmp/Invoice\ -\ NF22394519.pdf
Error: An error 8 ocurred during uncompressing the pdf file.
PoDoFo encounter an error. Error: 8 ePdfError_InternalLogic
Error Description: An internal error occurred.
Callstack:
#0 Error Source:
/builddir/build/BUILD/podofo-0.9.1/src/base/PdfParser.cpp:209
Information: Unable to load objects from file.
#1 Error Source:
/builddir/build/BUILD/podofo-0.9.1/src/base/PdfParserObject.cpp:377
Information: Unable to parse the stream for object 30 0 obj .
#2 Error Source:
/builddir/build/BUILD/podofo-0.9.1/src/base/PdfEncrypt.cpp:1137
Information: CreateEncryptionInputStream does not yet
support AES
Would someone be interested in investigating this? Am I missing
something to properly detect and manage these?
https://www.dropbox.com/s/8bqkp5okojma83b/Invoice%20-%20NF22394519.pdf?dl=0
Is there a legitimate reason to encrypt a PDF in this way? In other
words, I can still see the contents and click on the malicious link,
but apparently not view the meta information about it...
More information about the poppler
mailing list