The Design And Implementation Of A Fuzzing Tool For Compound Documents

Posted on: 2018-07-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Wang
GTID: 2348330518495404
Subject: Computer technology
Abstract/Summary:
In recent years, the number of vulnerabilities in compound PDF formats has increased greatly. Because PDF documents are highly portable and widely used, vulnerabilities hidden in PDF documents spread relatively quickly. Currently, obtaining high-quality seed files for fuzzing PDF readers is difficult. Traditional fuzzing is inefficient against target programs that require strict format validation. At present, the model-based fuzzing method can hardly be used to build a general model for a specific kind of file format because of its limited expressive ability.

In this paper, we present a test case generation method aimed at the inner interpreter of compound documents. Combining it with a file reconstruction method mitigates the problem caused by the limited expressive ability of the model-based method. We use information about font file structure to select seed files; in this way, we obtain high-coverage test cases with low overhead. We design a distributed test framework based on memory data exchange. This framework makes full use of existing resources and improves test efficiency. Moreover, we can use this framework to monitor test results and to help decide when to stop fuzzing according to the number of crash-inducing test cases. We tested 20 PDF readers and triggered a large number of crashes. We found an integer overflow vulnerability in Xchange View. There were high-risk vulnerabilities in Expert PDFReader that can lead to arbitrary code execution. The experimental results show that the method proposed in the paper can construct suitable test cases and can be applied to discover vulnerabilities in PDF viewers efficiently.
Keywords/Search Tags: Compound Document Object, Software Testing, Test Case Construction, Font Structure Parsing, TrueType Font