rebel87
Reputation: 543
Are these PDF object's presence normal in all documents which use Acroforms or XFA forms?
2 0 obj
<</XFA 1 0 R >>
endobj
3 0 obj
<<
/Extensions
<<
/ADBE
<<
/ExtensionLevel 3
/BaseVersion /1.7
>>
>>
/AcroForm 2 0 R
/Type /Catalog
/Pages 4 0 R
/NeedsRendering true
>>
endobj
Actually, I was analyzing a PDF with CVE-2013-2729 where a specially crafted RLE8 encoded bitmap image causes a integer overflow via the XFA component of Adobe Reader.
Also, what is the difference between an direct and indirect object in PDF ?I am always confused in these two.
Upvotes: 1
Views: 126
Answers (1)
David van Driessche
Reputation: 7048
First of all, these objects look completely innocent.
Secondly, the difference between direct and indirect objects is exactly what you would expect. If you look at the line:
<</XFA 1 0 R >>
That's the use of an indirect object. The object is defined elsewhere and in this dictionary it's referred to (indirected).
If you look at the line
/ExtensionLevel 3
That's the use of a direct object. The object is defined in place without indirection.
Upvotes: 2
Related Questions
- Is this byte array a password-protected PDF document?
- How to decode a PDF stream?
- PDF Hidden objects
- Why is PDF form information stored on both 'Root.AcroForm.Fields' & 'Root.Pages.Kids[0].Annots'
- Data encoding when submitting a PDF form using AcroForm technology
- XFA missing filled fields?
- XFA forms on PDF file
- Special characters in PDF form fields and global and fieldbased DR
- What Activex control component is added by Interop.AcroPDFLib (Adobe Acrobat Browser Control Type Library 1.0)?
- Understanding the PDF DOM