tortiscu

joined 6 months ago
[–] [email protected] 2 points 1 month ago

Don't quote me on this, but I don't think PDFs can usually contain java. It also wouldn't execute if you don't have a java runtime.

Either way, java serialization data is not executable, it is just that: data. It doesn't contain code. You need the matching code already running in order to de-serialize the data.

If your file matches the linked SO post, you don't have serialized java data embedded in the pdf, but the pdf embedded in a serialized java array. Which, also according to the SO post, is not a valid pdf.

[–] [email protected] 9 points 1 month ago (11 children)