Open
Description
When encrypting PDF files, there is no verification whether the reserved permission bits are passed correctly. This seems to allow for PDF files which do not completely follow the PDF 1.7 specification (table 3.20). (This is some follow-up to #2391.)
Environment
Which environment were you using when you encountered the problem?
$ python -m platform
Linux-6.5.0-10013-tuxedo-x86_64-with-glibc2.35
$ python -c "import pypdf;print(pypdf._debug_versions)"
pypdf==3.17.4, crypt_provider=('cryptography', '3.4.8'), PIL=9.0.1Code + PDF
This is a minimal, complete example that shows the issue:
from tempfile import NamedTemporaryFile
from pypdf import PdfReader, PdfWriter
from pypdf.constants import UserAccessPermissions
with NamedTemporaryFile() as fp:
name = fp.name
writer = PdfWriter(clone_from='resources/crazyones.pdf')
writer.encrypt(
user_password='',
owner_password='abc',
permissions_flag=UserAccessPermissions.PRINT | UserAccessPermissions.PRINT_TO_REPRESENTATION | UserAccessPermissions.FILL_FORM_FIELDS | UserAccessPermissions.R1,
algorithm='AES-128'
)
writer.write(name)
reader = PdfReader(name)
print(reader._encryption.V)
print(UserAccessPermissions(reader._encryption.P))The PDF file is from our own resources directory.
Output
This will print:
4
UserAccessPermissions.PRINT_TO_REPRESENTATION|FILL_FORM_FIELDS|PRINT|R1
Problem
- R1 and R2 are meant to be 0, but can be declared as 1.
- R7 and R8 as well as R13-R32 are meant to always be 1, but can be declared as 0 by omitting them.