Are these PDF object's presence normal in all documents which use Acroforms or XFA forms?
Question
2 0 obj
<</XFA 1 0 R >>
endobj
3 0 obj
<<
/Extensions
<<
/ADBE
<<
/ExtensionLevel 3
/BaseVersion /1.7
>>
>>
/AcroForm 2 0 R
/Type /Catalog
/Pages 4 0 R
/NeedsRendering true
>>
endobj
Actually, I was analyzing a PDF with CVE-2013-2729 where a specially crafted RLE8 encoded bitmap image causes a integer overflow via the XFA component of Adobe Reader.
Also, what is the difference between an direct and indirect object in PDF ?I am always confused in these two.
1 answers
solution1
2 ACCPTED 2015-01-10 12:15:31
First of all, these objects look completely innocent.
Secondly, the difference between direct and indirect objects is exactly what you would expect. If you look at the line:
<</XFA 1 0 R >>
That's the use of an indirect object. The object is defined elsewhere and in this dictionary it's referred to (indirected).
If you look at the line
/ExtensionLevel 3
That's the use of a direct object. The object is defined in place without indirection.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.