2 0 obj
<</XFA 1 0 R >>
endobj
3 0 obj
<<
/Extensions
<<
/ADBE
<<
/ExtensionLevel 3
/BaseVersion /1.7
>>
>>
/AcroForm 2 0 R
/Type /Catalog
/Pages 4 0 R
/NeedsRendering true
>>
endobj
Actually, I was analyzing a PDF with CVE-2013-2729 where a specially crafted RLE8 encoded bitmap image causes a integer overflow via the XFA component of Adobe Reader.
Also, what is the difference between an direct and indirect object in PDF ?I am always confused in these two.
First of all, these objects look completely innocent.
Secondly, the difference between direct and indirect objects is exactly what you would expect. If you look at the line:
<</XFA 1 0 R >>
That's the use of an indirect object. The object is defined elsewhere and in this dictionary it's referred to (indirected).
If you look at the line
/ExtensionLevel 3
That's the use of a direct object. The object is defined in place without indirection.