Almost every company or government organization uses PDF files, often relying on digital signatures to verify the authenticity of the documents. When you open a signed PDF, the viewer typically shows a flag indicating who signed it and provides access to the signature verification menu.
A group of researchers from several German universities decided to examine how secure PDF signatures really are. Vladislav Mladenov from Ruhr-Universität Bochum presented their findings at the Chaos Communication Congress (36C3).
Their goal was straightforward: to modify the content of a signed PDF without invalidating the signature. In practice, cybercriminals could exploit this to insert false information or malicious elements into a signed document. After all, recipients usually trust signed documents, such as those from a bank, and may click on included links without caution.
The team tested 22 widely used PDF viewers across different platforms, applying their experimental results systematically.
PDF file structure
To understand the PDF format: each file has four main parts. The header shows the PDF version, the body contains the main content displayed to the user, the Xref section lists objects in the body and their locations, and the trailer tells the viewer where to begin reading the file and where the Xref section starts.
The format includes an incremental update feature, allowing users to highlight text or add comments. Technically, this adds three new sections: updates to the body, a new Xref directory, and a new trailer. Essentially, a digital signature is itself an incremental update, adding elements and sections to the file.
Incremental saving attack (ISA)
First, the team added extra sections to a PDF using another incremental update through a text editor. Technically, this isn't an attack—it’s simply using a feature of the PDF format. When opened, most viewers display a message indicating that the signature is valid but the document has been modified. However, one viewer (LibreOffice) didn’t even warn the user.
Next, they removed the two final sections (updating the body but not Xref and trailer). Some viewers refused the file, two automatically added the missing sections without notifying the user, and three accepted it without any warning.
They also tried manually copying the digital signature into a new update. Two viewers—Foxit and MasterPDF—accepted this tampered file. In total, 11 of the 22 PDF viewers were vulnerable, with six showing no indication of modification. For the remaining five, users had to manually check signature validity to see any changes.
Signature wrapping attack (SWA)
A digital signature adds two key fields: /Contents (the signature itself) and /ByteRange (defining what’s signed). By adding another /ByteRange with altered end values, the team created space in the file to insert malicious objects and a corresponding Xref section. Seventeen of the 22 viewers were vulnerable to this trick.
Universal signature forgery (USF)
The researchers also tested standard pentesting tricks, such as replacing or deleting signature fields. Surprisingly, some viewers still validated signatures even when /Contents or /ByteRange contained null or incorrect values. Four viewers in total contained exploitable implementation flaws.
Overall, 21 of the 22 PDF viewers could be manipulated, meaning almost all allowed creation of a PDF with malicious content that appeared valid to users.
Interestingly, the only viewer unaffected by these tricks was Adobe Reader 9, although it has a separate RCE vulnerability and is mainly used on Linux because that’s the latest version available to them.