Inspection and Sanitization Guidance for Portable Document Format

Abstract: The purpose of this document is to provide guidance for the development of a sanitization and analysis software tool for the Portable Document Format (PDF). It inspects and analyzes various elements and objects contained within the PDF file structure and explains how they can be a cause for concern, either for hiding sensitive data or for attempts to exploit a system. This document analyzes numerous features in PDF and provides recommendations to mitigate these threats and produce a safer file. Although this report does not mention vulnerabilities related to a specific PDF reader software application, a number of them were used in the analysis of the standard.

Date Published:

Last Reviewed: 11 December 2017

Identifier: U/OO/234068-17

Dissemination Control: N/A

Length: 241 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data