File Formats Security Issues

This is a series of articles about file formats and related security issues. In 2003 I presented an article in French on this subject at the SSTIC conference: [SSTIC03]. In the following articles I will provide an updated version in English with more information about common file formats.

The original location of this book is

Each file format will be described with the following information:

  • File format description
  • Links to specification documents and technical information about the format
  • Main client applications
  • Main security issues
  • Examples of known vulnerabilities and exploits
  • Useful analysis tools
  • Parsing tools and libraries
  • Filtering tools and libraries

In the future I plan to cover common file formats such as PDF, MS Office (binary and Open XML), HTML, XML, RTF, ZIP, JPEG, EXE, etc. Stay tuned! ;-)