On Tue 18 Mar 2014 12:58:09 Ingo Schwarze wrote: > Security-wise, PDF is > one of the most dangerous file formats, nowadays.
That is true if the pdf reader you are using is configured to action all the extra bits which Adobe added to the standard (i.e. forms, flash and javascript). Without these "extras" it has the same risks as any other application consuming input from the web with regard to buffer overflows etc. I certainly would not use Adobe's Reader, slow and dangerous. Without these extras it is simply instructions to place marks on a canvas, much like svg, except that allows javascript. If you use gv to view postscript from the web you are actually running a postscript program in ghostscript so the attack surface is likely to be larger. Cheers Deri
