[poppler] Encrypted malicious PDFs fails
Albert Astals Cid
aacid at kde.org
Thu Sep 14 17:39:05 UTC 2017
El dimecres, 13 de setembre de 2017, a les 18:20:42 CEST, Alex va escriure:
> Hi,
>
> I have a malicious PDF that fails to be detected properly apparently
> because it's encrypted in some way:
"Fails to be detected properly" by what?
Cheers,
Albert
>
> # podofopdfinfo /var/tmp/Invoice\ -\ NF22394519.pdf
> Error: An error 8 ocurred during uncompressing the pdf file.
>
>
> PoDoFo encounter an error. Error: 8 ePdfError_InternalLogic
> Error Description: An internal error occurred.
> Callstack:
> #0 Error Source:
> /builddir/build/BUILD/podofo-0.9.1/src/base/PdfParser.cpp:209
> Information: Unable to load objects from file.
> #1 Error Source:
> /builddir/build/BUILD/podofo-0.9.1/src/base/PdfParserObject.cpp:377
> Information: Unable to parse the stream for object 30 0 obj
> . #2 Error Source:
> /builddir/build/BUILD/podofo-0.9.1/src/base/PdfEncrypt.cpp:1137
> Information: CreateEncryptionInputStream does not yet
> support AES
>
> Would someone be interested in investigating this? Am I missing
> something to properly detect and manage these?
>
> https://www.dropbox.com/s/8bqkp5okojma83b/Invoice%20-%20NF22394519.pdf?dl=0
>
> Is there a legitimate reason to encrypt a PDF in this way? In other
> words, I can still see the contents and click on the malicious link,
> but apparently not view the meta information about it...
> _______________________________________________
> poppler mailing list
> poppler at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/poppler
More information about the poppler
mailing list