Giters

snyk-labs / pdfjs-vuln-demo

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

PDF.js Vulnerability Demo Project

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Getting Things Running

  • Fork and clone from this repository
  • npm install
  • npm run dev

Testing Things Out

  • First go to http://localhost:4321/

  • Choose whichever frontend framework component you want to test out (react, vue, svelte) by clicking on its corresponding card

  • Make sure the sample PDF (not exploiting the vulnerability) loads up

  • You can find and analyze all the sample PDFs in the /public directory. Each one attempts to demonstrate different ways to exploit the vulnerability.

  • When ready to test out a PDF that does exploit the vulnerability change the PDF file that the component is pointing to with the one you want to try

    For Example:

    // src/components/ReactPdfViewer.jsx
<Document
  file='/ex1.pdf'
  onLoadSuccess={onDocumentLoadSuccess}
  options={{}}>

About

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Languages

Language:Astro 64.4%Language:JavaScript 18.5%Language:TypeScript 8.5%Language:Vue 5.1%Language:Svelte 3.5%