A problem exists in the way the PostScript interpreter handles dictionaries, with various effects as follows: (A) Regular PostScript page description programs may be affected, but it is unlikeky for them to be. (B) The Ghostscript PDF interpreter does not seem to be affected, even if lib\pdf_base.ps does create PostScript objects that are subject to this bug. (C) lib\pdfwrite.ps and tools based on it, like pdfinflt.ps, are affected. The symptom is an "Error: /undefined in --get--", with the output truncated somewhere inside the first stream's dictionary; the last token written is "/File". The bug appears with encrypted PDFs; it has nothing to do with encryption, but implementation details of a proc in pdf_base.ps prevent it from being triggered with the unencrypted ones. Note: The same symptom, but with a completely different cause, appears in bug #688152 "'Undefined in get' and extra trailer keys with pdfwrite.ps and PDF1.5+". (D) Last but not the least, this is a vulnerability that can be exploited to delete any file, even in safe mode. - the name of the file to be deleted must be known in advance or obtained by other means; - I *think* it cannot be exploited to read/ modify/ create files without having the appropriate permissions (PermitFileXxx).
Created attachment 1457 [details] Sample file: Bug688149.pdf. File to reproduce the problem. Specially created to isolate this particular bug; for other files, another error usually masks this one. PDF user/owner passwords: "user", respectively "owner" (without quotes). Command line (Windows): gswin32c -dNOPAUSE -sPDFPassword=owner \ -- toolbin\pdfinflt.ps Bug688149.pdf out.pdf
Created attachment 1458 [details] Suggested patch. The patch fixes only the problem mentioned in this report. The command shown in comment #1 above will succeed, but the output PDF will still be invalid because encrypted PDFs are not processed properly (bugs unrelated to this one).
Patch committed. Thanks to mat Gh Savulescu for for the bug report, the patch and excellent analysis of the problem.