Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
P
poppler
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 614
    • Issues 614
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 38
    • Merge Requests 38
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • poppler
  • poppler
  • Issues
  • #878

Closed
Open
Opened Jan 24, 2020 by Jens Mueller@jensvoid

PDF Deflate bombs may cause crashes or resource exhaustion

Streams in PDF files can be compressed, which may result in "deflate bombs" if not handled by the PDF processing application / library. Find attached three simple PDF compression bombs (10MB on disk to 10GB in memory). Note the compressed stream can be used multiple times in a single PDF document. The PDF files have been gzipped as a precaution mechanism, in order to prevent DoS when accidentally previewing them (gunzip them before the actual testing). Maybe resource limitations should be enforced by Poppler?

01-dos-02-deflate-bomb.pdf.gz

01-dos-02-deflate-bomb2.pdf.gz

01-dos-02-deflate-bomb3.pdf.gz

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: poppler/poppler#878