• Corpus ID: 231741139

Can You Accept LaTeX Files from Strangers? Ten Years Later

@article{Lacombe2021CanYA,
  title={Can You Accept LaTeX Files from Strangers? Ten Years Later},
  author={Guilhem Lacombe and Kseniia Masalygina and Anass Tahiri and Carole Adam and C{\'e}dric Lauradoux},
  journal={ArXiv},
  year={2021},
  volume={abs/2102.00856}
}
It is well-known that Microsoft Word/Excel compatible documents or PDF files can contain malicious content. LTEX files are unfortunately no exception either. LTEX users often include thirdparty codes through sources or packages (.sty or .cls files). But those packages can execute malicious commands on the users’ system, in order to capture sensitive information or to perform denial of service attacks. Checkoway et al. [3] were the first to warn LTEX users of these threats. Collaborative… 

Tables from this paper

References

SHOWING 1-10 OF 15 REFERENCES
Office Document Security and Privacy
TLDR
This work presents a systematic analysis of the capabilities of malicious office documents, and abuse legitimate features of the OOXML and ODF specifications.
Don't Take LaTeX Files from Strangers
TLDR
This article describes how to exploit LaTeX to built a virus that spreads between documents of the MiKTeX distribution on Windows XP as well as how to use malicious documents to steal data from Web-based LaTeX previewer services.
Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer
We show that malicious TEX, BIBTEX, and METAPOST files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by
Malicious PDF Documents Explained
TLDR
PDF reader software designers have begun using Windows security features such as data execution prevention (DEP) and address space layout randomization (ASLR) to prevent exploits from executing.
Information hiding-a survey
TLDR
An overview of the information-hiding techniques field is given, of what the authors know, what works, what does not, and what are the interesting topics for research.
On Training Robust PDF Malware Classifiers
TLDR
The first steps towards training robust PDF malware classifiers with verifiable robustness properties are taken, including a new distance metric that operates on the PDF tree structure and specifies two classes of robusts properties including subtree insertions and deletions.
Data Hiding in a Kind of PDF Texts for Secret Communication
TLDR
The steganographic system PDFStego is described, in which several strategies are applied to improve security, such as making use of redundancy to complement security; constituting two chaotic maps to meet the Kerckhoffs principle and to prevent statistical attacks.
Data Hiding for Text Document in PDF File
TLDR
A collection of space lengths is regarded as one dimensional feature vector and signal processing approaches for the vector to embed more information with less distortions to focus on the Portable Document Format files.
A new approach to covert communication via PDF files
Techniques for Data Hiding
TLDR
This work explores both traditional and novel techniques for addressing the data hiding process and evaluates these techniques in light of three applications: copyright protecting, tamper-proofing, and augmentation data embedding.
...
...