Closed Bug 1393476 Opened 7 years ago Closed 7 years ago

PDF xref loop causes denial of service

Categories

(Firefox :: PDF Viewer, enhancement)

Product:
Firefox
Component:
PDF Viewer
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 57

People

(Reporter: hanno, Unassigned)

References

Details

(Whiteboard: [pdfjs-f-fixed-upstream] https://github.com/mozilla/pdf.js/pull/8824)

Attachments

(1 file)

loop_edited.pdf
1.65 KB, application/pdf
Details
Attached file loop_edited.pdf
6 years ago Andreas Bogk pointed out that with xref's in PDF files you can create a loop that will hang evince. It turns out that the very same bug is affecting the firefox internal PDF reader. The sample file has been published here: https://github.com/andreas23/pdfparser/blob/master/tests/loop_edited.pdf (I'm also attaching it.) Opening this file in Firefox causes the PDF viewer component to hang and Firefox will use a lot of CPU power. Notably the CPU usage will not go down if you just close the tab with the affected file - you have to close the whole browser. Thus it's a powerful browser DoS.
Whiteboard: [pdfjs-f-fixed-upstream] https://github.com/mozilla/pdf.js/pull/8824
Status: NEW → RESOLVED
Closed: 7 years ago
Depends on: 1393930
Resolution: --- → FIXED
Target Milestone: --- → Firefox 57
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: