Hello Mark, hello all,

> On 19 April 2018 at 08:45 Mark Rogers <[email protected]> wrote:
>
> Hi
>
> This will be of interest to anyone testing PoDoFo or reviewing submitted
> patches. It’s an analysis of 122 PDF CVEs found across a number of PDF
> products presented at the Blackhat Security conference in March 2017.
>
> Products with most CVEs found:
>
> 88 - Acrobat 88
> 15 - Foxit 15
> 8 – Adobe Digital Editions
> 5 - Chrome 5
> 3 - Apple Preview 3
> 3 - Windows PDF Library 3

these (in the left column) already add up to 122 so they're all of them, not "most", and what I miss on the right are the version numbers ;-) ...

> https://www.blackhat.com/docs/asia-17/materials/asia-17-Liu-Dig-Into-The-Attack-Surface-Of-PDF-And-Gain-100-CVEs-In-1-Year.pdf
>
> The slides have links to the PDF CVE test repositories maintained by
> Google and Mozilla (these are useful for testing PoDoFo)
>
> https://pdfium.googlesource.com/pdfium_tests/
>
> https://github.com/mozilla/pdf.js/tree/master/test/pdfs

Thank you for the links, they could be very useful.

> And an analysis of the PDF modules most affected by CVEs:
>
> 34 – PDF Convertor
> 24 – JPEG 2000
> 24 – XFA
> 21 – Rendering
> 12 – Fonts
> 4 – Others
> 3 – JPEG (raw)
>
> Does PoDoFo support JPEG 2000 or XFA?

No, it does not support either yet. Of course, rendering is outside its scope.

> Best Regards
> Mark

Best regards,
mabri
