Do Not Trust User Input While Rendering PDFs

I recently had the opportunity to team up with three other security researchers (Brett Buerhaus, Cody Brocious (Daeken), Olivier Beg (Smiegles)) to examine the usage of PDF renderers on the Internet.


While examining how one website rendered documents, we were able to identify that the website was using LibreOffice. The website would only render a document with certain file extensions. However, we observed that LibreOffice can do its own file type detection, independent of the file extension. Using LibreOffice's file type detection, we were able to render a GhostScript exploit. Based on analysis of open source code, we believe that the ability to bypass extension-based file type checks is common online; however, the ability to render GhostScript is not.

While sharing fingerprinting files over Slack, we observed that our files were rendering/working as thumbnails. This led us to explore how Slack used LibreOffice and how it can be configured. We identified their use of unoconv (a command-line wrapper around LibreOffice) and a configuration issue introduced by unoconv.

The configuration issue we identified was in unoconv's utilization of the PyUNO API provided by LibreOffice & OpenOffice. We identified and fixed an issue in unoconv which led to a Server-Side Request Forgery (SSRF) & Local File Inclusion (LFI) vulnerability in web applications which passed untrusted documents to unoconv. This was issued CVE-2019-17400.

SSRF attacks can lead to information disclosure. The severity of such an attack is highly dependent on the internal network the attacker is able to access. LFI attacks can lead to source code and secret disclosure.

I would encourage any software or security professional reading this to review their utilization of PDF rendering libraries. We consider our research to be non-exhaustive and believe the risk is comparable to image processing with ImageMagick (see ImageTragick).

This is a great opportunity to take a defense-in-depth approach and make LFI and SSRF vulnerabilities worthless to attackers by isolating PDF rendering in a Docker container or a similar isolation technique.
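The two mitigations above (not trusting the file extension, and isolating the renderer) can be combined in a small pre-processing step in front of unoconv. The following is an added example written for this post, not code from the research or from the unoconv project. It checks that the bytes of an upload match the type its extension claims (a PostScript file renamed to `.docx` is rejected before LibreOffice ever sniffs it) and builds a `docker run` command that gives the renderer no network and no writable filesystem, so an SSRF or LFI inside the container has nothing to reach. The image name `pdf-renderer:latest`, the mount paths, and the sample byte strings are constructed for the example; the Docker and unoconv flags are real.

```python
import os
from typing import List, Optional

# Leading byte signatures for the document types this service is willing to render.
# OOXML (docx/xlsx/pptx) is a ZIP container; legacy .doc is an OLE2 compound file.
SIGNATURES = {
    "pdf": b"%PDF-",
    "docx": b"PK\x03\x04",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}
# PostScript / EPS starts with "%!PS"; LibreOffice would hand this to GhostScript.
POSTSCRIPT_MAGIC = b"%!PS"

ALLOWED_EXTENSIONS = set(SIGNATURES)


def sniff_type(data: bytes) -> Optional[str]:
    """Classify a document by its magic bytes, ignoring whatever the extension says."""
    if data.startswith(POSTSCRIPT_MAGIC):
        return "postscript"
    for kind, magic in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def is_safe_upload(filename: str, data: bytes) -> bool:
    """Accept only when the extension is allowed AND the content actually is that type.

    This closes the gap described in the post: an extension allow-list alone lets a
    renamed PostScript file through because LibreOffice re-detects the real type.
    """
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in ALLOWED_EXTENSIONS:
        return False
    detected = sniff_type(data)
    if detected is None or detected == "postscript":
        return False
    return detected == ext


def build_sandboxed_command(input_dir: str, output_dir: str, input_name: str,
                            image: str = "pdf-renderer:latest") -> List[str]:
    """Build a docker run argv that isolates unoconv (image name is a placeholder).

    --network none   : SSRF from inside the renderer cannot reach internal services.
    --read-only      : the container filesystem holds no secrets the renderer can leak.
    --cap-drop ALL / no-new-privileges / --pids-limit / --memory : limit blast radius.
    /tmp is a tmpfs and HOME points at it because LibreOffice needs a writable profile.
    """
    return [
        "docker", "run", "--rm",
        "--network", "none",
        "--read-only",
        "--tmpfs", "/tmp",
        "-e", "HOME=/tmp",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--pids-limit", "64",
        "--memory", "512m",
        "-v", f"{input_dir}:/in:ro",
        "-v", f"{output_dir}:/out",
        image,
        "unoconv", "-f", "pdf", "-o", "/out/", f"/in/{input_name}",
    ]


# Constructed sample inputs: a minimal PDF header and a PostScript header.
PDF_SAMPLE = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"
PS_SAMPLE = b"%!PS-Adobe-3.0\n/Helvetica findfont\n"

if __name__ == "__main__":
    # A genuine PDF named .pdf passes; PostScript renamed to .docx does not.
    print("report.pdf ->", is_safe_upload("report.pdf", PDF_SAMPLE))
    print("renamed.docx ->", is_safe_upload("renamed.docx", PS_SAMPLE))
    print(" ".join(build_sandboxed_command("/srv/uploads", "/srv/rendered", "report.docx")))
```

The magic-byte check only needs the first few bytes, so it can run on the upload stream before the file is written anywhere the renderer can see. The container command is the defense-in-depth layer: even if a new bypass gets past the type check, the renderer has no network route and no readable secrets.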

We published the technical details of our findings in a blog post here:

We believe we responsibly reported all vulnerabilities discussed above. As always, do not attempt to exploit a service without explicit permission.

Article Link: