evince thumbnailer vulnerable with huge PDFs / ZIP bombs
Submitted by Lukas Pirl
Link to original bug (#731253)
Description
If you have a very large (may be compressed) PDF, the thumbnail generation can eat all your disk space. If /tmp is mounted into ram, you'll find yourself rebooting your system a few minutes later. ;)
An example file can be created using this command:
$ dd if=/dev/zero bs=1M count=1048576 | bzip2 > huge.pdf.bz2
Once you open the directory where the file is stored in Nautilus, Nautilus will try to create a thumbnail for this file and trigger the behavior mentioned above. (I don't know if this stronger relates to Nautilus!?)
Thanks! :)
Edited by Germán Poo-Caamaño