For those of you who attended my ISSA / OWASP talk Risky PDF, thanks for your interesting and challenging questions! I’m very pleased with the feedback I got.
A recurring remark I received afterward is about claiming not to be a PDF expert, while my presentation (and research) clearly shows otherwise.
My PDF expertise is limited to malicious usage and forensics. Outside of the IT security field, people with my expertise are not considered PDF experts. It wasn’t intended as false modesty, I just can’t help you troubleshoot “benign” PDFs