all InfoSec news
Smash PostScript Interpreters Using A Syntax-Aware Fuzzer
Security Boulevard securityboulevard.com
In 2022, Zscaler’s ThreatLabz performed vulnerability hunting for some of the most popular PostScript interpreters using a custom-built syntax-aware fuzzer. The PostScript interpreters that were evaluated include Adobe Acrobat Distiller and Apple’s PSNormalizer. At the time of publication, ThreatLabz has discovered three vulnerabilities (CVE-2022-35665, CVE-2022-35666, CVE-2022-35668) in Adobe Acrobat Distiller and one vulnerability (CVE-2022-32843) in Apple’s PSNormalizer. This blog presents how the syntax-aware fuzzer was developed and analyzes the results.
PostScript Language
PostScript is a stack-based programming language, where values …
acrobat adobe adobe acrobat apple aware blog cve fuzzer hunting language operations popular programming results vulnerabilities vulnerability zscaler