
For example, there are known vulnerabilities with Word files with macros and PDF files, which when opened can compromise and harm your system.

In a similar way, are there any known issues when a CSV file is parsed in Java or a txt file is read? Is there a possibility of a virus or malware getting activated with these actions?

I am not able to find any security issues associated with the above operations but wanted to check in a larger forum.

Saran Makam
  • Why would there be? Files are `byte` values, nothing more. There might be _OS-specific_ vulnerabilities in _filesystems_ - but that has nothing to do with Java. Java is the specification of a programming language. – Boris the Spider Apr 16 '15 at 17:21
  • Reading a file is perfectly safe (or at least as safe as the OS you're running on). It's what you do with the file after you read it that would be the issue. If you read a file containing instructions to control a nuclear reactor and those instructions are wrong (or intentionally modified) your program may cause the reactor to blow up. – Hot Licks Apr 16 '15 at 17:39

1 Answer

Java is memory-safe, so you are very unlikely to suffer from the very common buffer overruns, use-after-free and similar vulnerabilities, unless you are using a native library.

You can run into other issues. For instance, handling HTML files will often cause opening of network connections or file reads. See the Injection and Inclusion section of the Secure Coding Guidelines for Java SE. Denial of Service attacks are very difficult to prevent. Libraries may be booby-trapped with surprising features to load remote code (see Take care interpreting untrusted code).

Sections 0 to 3 of the Secure Coding Guidelines for Java SE are worth reading.

Tom Hawtin - tackline
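As an added example (not part of the original answer or of any library mentioned in it), the sketch below reads an untrusted CSV or text stream purely as data while bounding the resources it can consume, which addresses the denial-of-service point above. The class name `BoundedCsvReader` and the three limits are assumptions chosen for illustration.

```java
import java.io.*;
import java.nio.charset.*;
import java.util.*;

// Added example: bounded, strict reader for untrusted CSV/text. Names and limits are assumed.
public class BoundedCsvReader {
    static final int MAX_LINE_CHARS = 4096;  // assumed cap on one line
    static final int MAX_LINES = 100_000;    // assumed cap on rows kept in memory
    static final int MAX_FIELDS = 64;        // assumed cap on fields per row

    // Decodes strictly as UTF-8 and returns rows of fields; throws IOException on any violation.
    static List<String[]> read(InputStream in) throws IOException {
        CharsetDecoder strict = StandardCharsets.UTF_8.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)       // reject, do not substitute
                .onUnmappableCharacter(CodingErrorAction.REPORT);
        List<String[]> rows = new ArrayList<>();
        try (Reader r = new BufferedReader(new InputStreamReader(in, strict))) {
            StringBuilder line = new StringBuilder();
            int c;
            while ((c = r.read()) != -1) {
                if (c == '\n') {
                    addRow(rows, line);
                } else if (c != '\r') {
                    // Enforce the cap while reading, so a file with no newline cannot exhaust the heap.
                    if (line.length() >= MAX_LINE_CHARS)
                        throw new IOException("line exceeds " + MAX_LINE_CHARS + " chars");
                    line.append((char) c);
                }
            }
            if (line.length() > 0) addRow(rows, line);
        }
        return rows;
    }

    // Naive comma split (no quoted-field support); fields stay inert strings, never evaluated.
    static void addRow(List<String[]> rows, StringBuilder line) throws IOException {
        if (rows.size() >= MAX_LINES) throw new IOException("too many lines");
        String[] fields = line.toString().split(",", MAX_FIELDS + 1);
        if (fields.length > MAX_FIELDS) throw new IOException("too many fields");
        rows.add(fields);
        line.setLength(0);
    }

    public static void main(String[] args) throws IOException {
        byte[] ok = "id,name\n1,alice\n".getBytes(StandardCharsets.UTF_8);  // constructed sample
        System.out.println("rows read: " + read(new ByteArrayInputStream(ok)).size());
        byte[] bad = {'a', ',', (byte) 0xC3, '\n'};  // constructed sample: truncated UTF-8 sequence
        try { read(new ByteArrayInputStream(bad)); }
        catch (CharacterCodingException e) { System.out.println("rejected: malformed UTF-8"); }
    }
}
```

The risk then moves to whatever consumes the returned strings: passing a field to a SQL statement, a file path, an HTML page or a deserializer is where the Injection and Inclusion guidance applies.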