After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 731253 - evince thumbnailer vulnerable with huge PDFs / ZIP bombs
evince thumbnailer vulnerable with huge PDFs / ZIP bombs
Status: RESOLVED OBSOLETE
Product: evince
Classification: Core
Component: general
unspecified
Other Linux
: Normal major
: ---
Assigned To: Evince Maintainers
Evince Maintainers
Depends on:
Blocks:
 
 
Reported: 2014-06-05 07:44 UTC by Lukas Pirl
Modified: 2018-05-22 15:36 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Lukas Pirl 2014-06-05 07:44:07 UTC 
If you have a very large (may be compressed) PDF, the thumbnail generation can eat all your disk space. If /tmp is mounted into ram, you'll find yourself rebooting your system a few minutes later. ;)

An example file can be created using this command:
$ dd if=/dev/zero bs=1M count=1048576 | bzip2 > huge.pdf.bz2

Once you open the directory where the file is stored in Nautilus, Nautilus will try to create a thumbnail for this file and trigger the behavior mentioned above.
(I don't know if this stronger relates to Nautilus!?)

Thanks! :)
Comment 1 GNOME Infrastructure Team 2018-05-22 15:36:54 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/evince/issues/467.