On Fri, Oct 07, 2016 at 02:08:31PM +0200, Michael Stahl wrote: > On 07.10.2016 13:54, Khaled Hosny wrote: > > On Fri, Oct 07, 2016 at 01:00:05PM +0200, Michael Stahl wrote: > >> On 05.10.2016 23:50, Larry Evans wrote: > >>> On 10/05/2016 03:07 PM, Michael Stahl wrote: > >>>> On 05.10.2016 17:24, Michael Meeks wrote: > >>>> > >>>> actually the separate process is a potential security advantage, if we > >>>> would only realize that and sandbox it properly - C++ based PDF readers > >>>> tend to accumulate quite some CVEs... > >>> [snip] > >>> CVE = Common Vulnerabilities and Exposures?: > >>> https://cve.mitre.org/about/ > >> > >> yes, now look here > >> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=xpdf > > > > PDFium (Chrome’s embedded PDF reader), is not much better either: > > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdfium > > ok that looks pretty bad, but then what can you expect from C++... did > anybody write a PDF library in Rust yet? that would be the one i'd want > to use :)
MuPDF is written in C, but it has much fewer CVEs (but that might be because it is not as widely used as the others): https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mupdf Regards, Khaled _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice
