GNOME Bugzilla – Bug 731253
evince thumbnailer vulnerable with huge PDFs / ZIP bombs
Last modified: 2018-05-22 15:36:54 UTC
If you have a very large (may be compressed) PDF, the thumbnail generation can eat all your disk space. If /tmp is mounted into ram, you'll find yourself rebooting your system a few minutes later. ;) An example file can be created using this command: $ dd if=/dev/zero bs=1M count=1048576 | bzip2 > huge.pdf.bz2 Once you open the directory where the file is stored in Nautilus, Nautilus will try to create a thumbnail for this file and trigger the behavior mentioned above. (I don't know if this stronger relates to Nautilus!?) Thanks! :)
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/evince/issues/467.