Skip to content
/ pdfjs-vuln-demo Public

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

snyk-labs/pdfjs-vuln-demo

BranchesTags

Repository files navigation

PDF.js Vulnerability Demo Project

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Getting Things Running

  • Fork and clone from this repository
  • npm install
  • npm run dev

Testing Things Out

  • First go to http://localhost:4321/

  • Choose whichever frontend framework component you want to test out (react, vue, svelte) by clicking on its corresponding card

  • Make sure the sample PDF (not exploiting the vulnerability) loads up

  • You can find and analyze all the sample PDFs in the /public directory. Each one attempts to demonstrate different ways to exploit the vulnerability.

  • When ready to test out a PDF that does exploit the vulnerability change the PDF file that the component is pointing to with the one you want to try

    For Example:

    // src/components/ReactPdfViewer.jsx
<Document
  file='/ex1.pdf'
  onLoadSuccess={onDocumentLoadSuccess}
  options={{}}>

About

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Resources

Readme
Activity
Custom properties

Stars

6 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages