A talk during this year's Black Hat IT security conference from early August seems to have revealed substantial security issues in many PDF viewers. PDF-XChange Viewer seems to be one of the most vulnerable products.
Any forecasts on when the issues will be fixed?
Talk: https://www.blackhat.com/us-20/briefin ... aws--20387
Info graphic, comparing various products: https://raw.githubusercontent.com/RUB- ... r/eval.png
Fixes for Current Security Issues?
Tracker Supp-Stefan (Site Admin)
Re: Fixes for Current Security Issues?
Hello simonb,
Thanks for the post.
The version of our Editor used for those tests was too old! We received reports for some of those vulnerabilities in January, and all our versions since April have had numerous security fixes to address those.
The "Infinite Loop" and "Deflate Bomb" are not something that can realistically be fixed, but on their own they are not vulnerabilities that can expose your machine to an external attacker. Yes - those will hang the Editor and make it unusable, but other than that - they cannot cause any real harm to your machine and software. All the other vulnerabilities from your list have been addressed well before August.
Kind regards,
Stefan
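The reply above classes the "Deflate Bomb" as a denial-of-service problem rather than a code-execution one: a tiny FlateDecode stream that inflates to gigabytes exhausts memory or hangs the viewer. The usual mitigation is to bound inflation per stream instead of trusting the declared `/Length`. The following is an added example (not Tracker Software's code and not the RUB researchers' tooling) showing bounded inflation with `zlib.decompressobj(max_length=...)` and a simplified scanner that walks `stream ... endstream` regions of a constructed PDF fragment; the cap value, the regex, the `DeflateBombError` name and the sample objects are all assumptions made for the example, and the scanner is not a general PDF parser.

```python
"""Bounded inflation of PDF FlateDecode streams (added example, not a vendor's code)."""
import re
import zlib

# Hypothetical per-stream cap. A real viewer would size this to what it is
# prepared to hold in memory for one content or image stream.
DEFAULT_MAX_OUT = 1 * 1024 * 1024  # 1 MiB


class DeflateBombError(ValueError):
    """Raised when a stream inflates beyond the configured cap."""


def inflate_bounded(data: bytes, max_out: int = DEFAULT_MAX_OUT) -> bytes:
    """Inflate zlib/deflate data but never materialise more than max_out bytes.

    decompressobj.decompress(..., max_length=n) returns at most n bytes and
    parks the unprocessed input in .unconsumed_tail, so memory use is bounded
    by max_out regardless of how large the stream would expand to.
    """
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while buf:
        room = max_out - len(out)
        # Ask for one byte more than we have room for: if we get it, the
        # stream is over budget and we stop before allocating any further.
        out += d.decompress(buf, max_length=room + 1)
        if len(out) > max_out:
            raise DeflateBombError(
                f"stream exceeds {max_out} bytes after {len(data)} bytes of input")
        buf = d.unconsumed_tail
    out += d.flush()
    if len(out) > max_out:
        raise DeflateBombError(f"stream exceeds {max_out} bytes")
    return bytes(out)


# Simplified matcher for "<< dict >> stream ... endstream"; it does not handle
# nested dictionaries or binary bodies containing the literal "endstream".
STREAM_RE = re.compile(
    rb"<<(?P<dict>[^>]*)>>\s*stream\r?\n(?P<body>.*?)\r?\nendstream", re.DOTALL)


def check_flate_streams(pdf: bytes, max_out: int = DEFAULT_MAX_OUT):
    """Return (offset, compressed_len, inflated_len_or_None, verdict) per stream.

    verdict is "ok", "bomb" (cap exceeded) or "corrupt" (not valid deflate).
    Non-Flate streams are skipped.
    """
    results = []
    for m in STREAM_RE.finditer(pdf):
        if b"/FlateDecode" not in m.group("dict"):
            continue
        body = m.group("body")
        try:
            inflated = inflate_bounded(body, max_out)
            results.append((m.start(), len(body), len(inflated), "ok"))
        except DeflateBombError:
            results.append((m.start(), len(body), None, "bomb"))
        except zlib.error:
            results.append((m.start(), len(body), None, "corrupt"))
    return results


def make_stream_object(num: int, body: bytes) -> bytes:
    """Build a minimal PDF stream object around an already-encoded body."""
    head = f"{num} 0 obj\n<< /Length {len(body)} /Filter /FlateDecode >>\nstream\n"
    return head.encode() + body + b"\nendstream\nendobj\n"


# Constructed sample document: one benign stream, one 4 MiB-of-zeros bomb that
# compresses to a few KiB, and one stream whose body is not deflate data at all.
BENIGN_PAYLOAD = b"Hello PDF" * 100
BOMB_STREAM = zlib.compress(b"\0" * (4 * 1024 * 1024), 9)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + make_stream_object(1, zlib.compress(BENIGN_PAYLOAD, 9))
    + make_stream_object(2, BOMB_STREAM)
    + make_stream_object(3, b"this is not deflate data")
)

if __name__ == "__main__":
    for offset, clen, ilen, verdict in check_flate_streams(SAMPLE_PDF):
        print(f"offset={offset:6d} compressed={clen:6d} inflated={ilen} verdict={verdict}")
```

The point of the cap is that the viewer's worst case becomes a rejected stream and an error message rather than an unbounded allocation; a document gateway can run the same check ahead of the viewer and quarantine files that produce a "bomb" verdict. Note that the declared `/Length` in the stream dictionary is attacker-controlled and says nothing about the inflated size, which is why the bound is applied to the output, not the input.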