PDF Encryption FAQ
Did we test Email/Encryption Gateways, Medical Products, or Printer/Fax devices against PDFex?
We only analyzed PDF Viewer Software (see our list).
PDF Signatures FAQ
Why did you not analyze Viewer X
We analyzed all PDF applications, which we could identity for signature support. See the following table.
Is there a logo for PDFex?
You can use the following logo for the PDFex attacks. It is licensed under the Creative Commons and free for any use.
List of PDF Software [1]
| Category | OS | Tool | Signatures |
|---|---|---|---|
| Browser | multiple | Chrome | N |
| Browser | multiple | Edge | N |
| Browser | multiple | Firefox (pdf.js) | N |
| Browser | multiple | Internet Explorer | N |
| Browser | multiple | Opera | N |
| Viewer | multiple | MuPDF | N+ |
| Viewer | Windows | PDF Reader (Windows Store App) | N |
| Viewer | Windows | PDF Viewer Go | N |
| Viewer | Windows | PDF Viewer Plus | N |
| Viewer | Windows | Slim PDF | N |
| Viewer | Windows | STDU Viewer | N |
| Viewer | Windows | Sumatra PDF | N |
| Viewer | Windows | Ultra PDF Viewer | N |
| Viewer | Windows | Xodo | N |
| Viewer | Linux | Okular | N |
| Viewer | Linux | Evince | N |
| Viewer | Linux | Zathura | N |
| Viewer | Linux | Xpdf | N |
| Viewer | Linux | Qpdfview | N |
| Viewer | Windows | PDF Doc | N |
| Editor | multiple | Corel PDF Fusion | N |
| Editor | multiple | Smallpdf | N |
| Viewer | multiple | Adobe Reader | Y |
| Viewer | multiple | Foxit Reader | Y |
| Viewer | Windows | eXpert PDF 12 Ultimate | Y |
| Viewer | Windows | Expert PDF Reader | Y |
| Viewer | Windows | Nitro Reader | Y |
| Viewer | Windows | Perfect PDF Viewer (Windows Store App) | Y |
| Viewer | Windows | PDF Experte 9 Ultimate | Y |
| Editor | multiple | Adobe Acrobat | Y |
| Editor | multiple | iSkysoft PDF Editor pro | Y |
| Editor | multiple | LibreOffice | Y~ |
| Editor | multiple | Master PDF Editor | Y~ |
| Editor | multiple | Nuance Power PDF | Y |
| Editor | multiple | Perfect PDF (Desktop Application) | Y |
| Editor | multiple | PDF Studio | Y |
| Editor | Windows | PDF Architect 6 | Y |
| Editor | Windows | PDFelement | Y~ |
| Editor | Windows | PDF-XChange | Y |
| Editor | Windows | Soda PDF | Y |
+only signing supported
~only visible signatures supported
#verification with command line tool
*according to vendor's website, not manually verified!
Where are the PDF libraries?
In the first phase of our security evaluation we concentrated on pdf viewers and online validation services, since they give a clear indication wether the attack was successful. To this point, we did not analyze PDF libraries like poppler (pdfsig) or pdfbox, since different configurations are possible. For example, the validation of a signed pdf can be executed with different calls in pdfbox.
Did you analyze other standards than PDF?
No, we only analyzed signatures in standard PDF version 1.7, without standards like PDF/A. Our exploits are using PDF version 1.4.
How to test your application/library/service
To test if our attacks can bypass your signature validation and/or your application logic, you can download the provided PoCs from our website and open the files. If your application can not detect the modification or shows no warning/error to the user that the document was modified after the signature creation your application is vulnerable.
Disclaimer: We provided a list of PoCs for which we know they can be used to bypass a set of applications. We created this PoCs over several months of intensive testing and fine tuning. Just because your application was able to detected all PoCs, it does not mean your application is secure against our attacks. To best of our knowledge you are only secure against such attacks, if you signature verification works as described in our paper in Listing 2.
Where can I find the Exploits/Example PDFs?
You can download the exploits (example PDFs) here
Is there a logo for the signature attacks?
Yes, despite the resistance of some of the authors we have one under Apache 2.0 license.
last updated: 2019/09/13 - 11:50 AM