Skip to content

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Notifications You must be signed in to change notification settings

snyk-labs/pdfjs-vuln-demo

Repository files navigation

PDF.js Vulnerability Demo Project

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Getting Things Running

  • Fork and clone from this repository
  • npm install
  • npm run dev

Testing Things Out

  • First go to http://localhost:4321/

  • Choose whichever frontend framework component you want to test out (react, vue, svelte) by clicking on its corresponding card

  • Make sure the sample PDF (not exploiting the vulnerability) loads up

  • You can find and analyze all the sample PDFs in the /public directory. Each one attempts to demonstrate different ways to exploit the vulnerability.

  • When ready to test out a PDF that does exploit the vulnerability change the PDF file that the component is pointing to with the one you want to try

    For Example:

    // src/components/ReactPdfViewer.jsx
    <Document
      file='/ex1.pdf'
      onLoadSuccess={onDocumentLoadSuccess}
      options={{}}>

About

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published