Skip to content

Releases: jonaslejon/malicious-pdf

Release list

v1.0.1

Choose a tag to compare

@jonaslejon jonaslejon released this 20 Apr 08:19

Added

  • __version__ constant in malicious-pdf.py and a --version CLI flag, so users running from a clone can identify the release they have:

    $ python3 malicious-pdf.py --version
    malicious-pdf.py 1.0.1
    

See CHANGELOG.md for the full list.

v1.0.0

Choose a tag to compare

@jonaslejon jonaslejon released this 20 Apr 08:17

First tagged release. Captures the state of the project at the time the
CHANGELOG
was introduced.

Highlights

  • 67+ PDF generators covering phone-home callbacks, SSRF, XSS, XXE, NTLM
    credential theft, and data exfiltration techniques.
  • --obfuscate flag with levels 0–4, including base64 JS payload staging
    (level 4) inspired by the April 2026 Adobe Reader 0-day analysis.
  • Test cases from 2025–2026 CVEs targeting server-side processors
    (Apache Tika, LibreOffice, Foxit, Apryse).
  • CodeQL and Semgrep static-analysis workflows + Dependabot.
  • SECURITY.md with PGP-encrypted private vulnerability reporting.

See CHANGELOG.md
for the full list.