Glyph Positions Break PDF Text Redaction
5 days ago
- #security vulnerability
- #information leakage
- #PDF redaction
- Current PDF text redactions are insecure due to non-redacted character positioning information.
- Subpixel-sized horizontal shifts in redacted and non-redacted characters can be recovered to deredact first and last names.
- 11 popular PDF redaction tools, including Adobe Acrobat, leak information about redacted text.
- Hundreds of real-world PDF redactions, including OIG investigation reports and FOIA responses, were successfully deredacted.
- Open source algorithms have been released to fix trivial redactions and reduce information leakage.
- Developers of redaction tools and relevant organizations have been notified to address the issue.