Jump to content

On The Topic of PDF Exploits

Recommended Posts

I wasn't sure what category to post this in.

So I downloaded and opened this file, and was informed it had a form in it that wasn't supported in my reader:


I ran it through peepdf and it shows:

Suspicious elements:
        /AcroForm: [1143]
        /Names: [1143, 1146]
        /XFA: [1144]
        /JavaScript: [1145, 1147, 1148, 1149]
        /JS: [1147, 1148, 1149]

Now, I've not done any further analysis to know if there's actually anything malicious in there (although it is a little suspicious for real scans of a book and not e.g. pirated ebooks that might come with some kind of tracking or DRM), but it got me wondering: What's the policy here when it comes to potential PDF exploits?

I didn't see a way to report files (if there is one), and archive.org provides JP2 images in a zip file for anyone wanting to avoid PDF altogether (although many readers you'd have to convert the images first). I've gotten plenty of books from the generous uploaders here that are clean (either in safe formats or running through peepdf shows nothing suspicious, and the last discovery of malware on one of my machines was a long time ago). Are PDF files scanned in some way before uploading, or is anyone allowed to dump PDF files onto the site like if you were to look elsewhere?

Sorry if this is a somewhat strange topic. This is a problem I see all over when it comes to downloading PDF files, and probably a hard one to address. I guess it is just download at your own risk, keep your software up-to-date, and run a trusted anti-virus? I never worried about PDF exploits until recently, since I wasn't aware of what they could do. I should probably look into converting my collection to a safer format in the future, but PDF seems like such a complicated format to me that I would be worried about loss of quality or unnecessary bloating of file size.

Not trying to scare anyone by the way! Just curious what you all think. Like I said, I don't know a lot about the PDF format.

Link to comment
Share on other sites

  • Retromags Curator

Files that are uploaded to the Retromags download manager can be reported, but because this was submitted by a user to file locker sites, there is no way to report it. This user links are also not vetted by us as far as I know; only files directly uploaded to the site are. 


I can take a look at the file and possibly create a cbr from it, or see if I have a different format for this file already. 

Is always a good idea to proceed with caution when it comes to user links. 

Link to comment
Share on other sites

We were supposed to have removed all user-submitted links, so that file shouldn't even be available here.  What's up, @Phillyman?

For that matter, a while back there was an oversight in permissions that made it possible for anyone to upload strategy guides to our download manager.  One particular user uploaded that file along with a dozen others, some of which were official PDFs and (possibly) none of which were actually scanned by the member in question.  I reported it at the time and E-Day deleted them all from our download manager, but I guess the user-submitted links were overlooked.

I say we delete the links AND the fields.  Phillyman has already removed the user submitted link fields from our magazine database, but it looks like he forgot about the strategy guide section as well (hey, it happens.  I forget it's there, too.  Once the Internet and super-detailed FAQs happened, strategy guides lost all importance.)

As for PDFs in general - this is just one reason of many we don't use them on our site.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Recent Achievements

    • gameboyguy earned a badge
      Member for 5 Years
    • gameboyguy earned a badge
      Member for 1 Day
    • gameboyguy earned a badge
      Member for 3 Months
    • gameboyguy earned a badge
      Member for 6 Months
    • gameboyguy earned a badge
      Member for 2 Years
  • Create New...
Affiliate Disclaimer: Retromags may earn a commission on purchases made through our affiliate links on Retromags.com and social media channels. As an Amazon & Ebay Associate, Retromags earns from qualifying purchases. Thank you for your continued support!