[okular] [Bug 416653] New: PDF Deflate bombs may cause crashes or resource exhaustion
Jens Mueller
bugzilla_noreply at kde.org
Thu Jan 23 16:38:10 GMT 2020
https://bugs.kde.org/show_bug.cgi?id=416653
Bug ID: 416653
Summary: PDF Deflate bombs may cause crashes or resource
exhaustion
Product: okular
Version: 1.3.3
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: PDF backend
Assignee: okular-devel at kde.org
Reporter: jens.a.mueller+kde at rub.de
Target Milestone: ---
Streams in PDF files can be compressed, which may result in "deflate bombs" if
not handled by the PDF processing application. Find attached three simple PDF
compression bombs (10MB on disk to 10GB in memory). Note the compressed stream
can be used multiple times in a single PDF document. The PDF files have been
gzipped as a precaution mechanism, in order to prevent DoS when accidentally
previewing them (gunzip them before the actual testing). Maybe resource
limitations should be enforced by Okular / Poppler?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Okular-devel
mailing list