At the end of last year I intentionally avoided reading other papers about PDF security by other researchers because I felt that it would confuse my talk. This didnt stop me being made aware by SophosLabs colleagues and sometimes the authors themselves of the PDF research being done by others. Many of the points of Julia Wolfs presentation reinforce points in mine. When I first looked at them the test files looked good and had a valid xref table. But when I passed the file along to the developer, however, he pointed out that the xref was actually invalid because the startxref was wrong.”]
Source: https://nakedsecurity.sophos.com/2011/01/24/review-omg-wtf-pdf/