Closed Bug 1393476 Opened 7 years ago Closed 7 years ago

PDF xref loop causes denial of service

Categories

(Firefox :: PDF Viewer, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
Firefox 57

People

(Reporter: hanno, Unassigned)

References

Details

(Whiteboard: [pdfjs-f-fixed-upstream] https://github.com/mozilla/pdf.js/pull/8824)

Attachments

(1 file)

Attached file loop_edited.pdf
6 years ago Andreas Bogk pointed out that with xref's in PDF files you can create a loop that will hang evince. It turns out that the very same bug is affecting the firefox internal PDF reader.

The sample file has been published here:
https://github.com/andreas23/pdfparser/blob/master/tests/loop_edited.pdf
(I'm also attaching it.)

Opening this file in Firefox causes the PDF viewer component to hang and Firefox will use a lot of CPU power. Notably the CPU usage will not go down if you just close the tab with the affected file - you have to close the whole browser. Thus it's a powerful browser DoS.
Whiteboard: [pdfjs-f-fixed-upstream] https://github.com/mozilla/pdf.js/pull/8824
Status: NEW → RESOLVED
Closed: 7 years ago
Depends on: 1393930
Resolution: --- → FIXED
Target Milestone: --- → Firefox 57
You need to log in before you can comment on or make changes to this bug.