Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180906162109.GB19583@takahe.colorado.edu>
Date: Thu, 6 Sep 2018 10:21:09 -0600
From: Leonid Isaev <leonid.isaev@...a.colorado.edu>
To: oss-security@...ts.openwall.com
Subject: Re: Re: More Ghostscript Issues: Should we disable PS
 coders in policy.xml by default?

On Thu, Sep 06, 2018 at 03:17:25PM +0200, Jakub Wilk wrote:
> * Leonid Isaev <leonid.isaev@...a.colorado.edu>, 2018-09-05, 17:32:
> > pdf files can contains things like javascript...
> 
> Do any open-source PDF browsers actually execute embedded JS?

Currently, evince, okular and gv don't. The same goes for zathura with its
poppler backend (haven't checked this, but pretty sure). But then there is also
Artifex Mupdf which, AFAIR, supports JS in pdf files (by extension, so does
zathura when viewing a pdf file using the mupdf plugin). I don't know how
complete that support is. Most importantly, many Android pdf/ebook readers
probably include JS support.

CHeers,
L.

-- 
Leonid Isaev

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.