Are there any studies regarding the security of PDF viewer software from different vendors? I try to find the most secure reader.
Asked
Active
Viewed 781 times
1 Answers
3
PDF.js has been developed in javascript and is inside the (very secure) js sandbox. Chrome has one of the most secure js sandboxes, so you might want pdf.js in chrome.
Evince is very easily exploitable. I don't know which part the fuzz-testing included, but Evince bases on poppler, so that may make Okular insecure, too.
user10008
- 4,355
- 22
- 33
-
1What about using Chrome PDF Viewer that is bundled with the browser ( chrome://plugins/ ) - is it safe? – Marek Andreansky Aug 10 '15 at 12:14
-
@MarekAndreansky it runs in a sandbox too, so it can be used for normal use, burt pdf.js in chrome seems to be even safer. – user10008 Aug 10 '15 at 23:57
-
Why is pdf.js more secure? – Marek Andreansky Aug 11 '15 at 07:50
-
Its in an additional sandbox. – user10008 Aug 11 '15 at 14:05
-
1Do you have any security information about Sumatra PDF viewer? http://www.sumatrapdfreader.org/free-pdf-reader.html Even thou pdf.js in Chrome is safer it allocates 26 MB of memory compared to Sumatra that allocates only 6 MB – Marek Andreansky Aug 12 '15 at 11:09