Bypassing Apache FOP Postscript Escaping to reach GhostScript
Published on Fri 27 February 2026 by @sigabrt9
A few months ago, I came across a bug bounty program for an application that uses Apache FOP (Formatting Objects Processor) to generate PostScript files from user supplied XML, then runs GhostScript to generate a PDF.
Using AFL++ on bug bounty programs: an example with Gnome libsoup
Published on Wed 30 October 2024 by @sigabrt9
A case study in using AFL++, afl-cov and basic custom harnesses to find a bug in libsoup for a public bug bounty program.
Shell in the Ghost: Ghostscript CVE-2023-28879 writeup
Published on Tue 11 April 2023 by @sigabrt9
This write-up details how CVE-2023-28879 - an RCE in Ghostscript - was found and exploited. Due to the prevalence of Ghostscript in PostScript processing, this vulnerability may be reachable in many applications that process images or PDF files (think ImageMagick, PIL, etc.), making this an important one to patch and look out for.