A novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file. The new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format. The attacks don’t allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document. The researchers tested their PDFex attacks against 27 widely-used PDF viewers, both for desktop and browser-based, and found all of them vulnerable to one of the two attacks.
Source: https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html