all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Smash PostScript Interpreters Using A Syntax-Aware Fuzzer

Add to bookmarks
April 26, 2023, 3:40 p.m. | Kai Lu

Security Boulevard securityboulevard.com

In 2022, Zscaler’s ThreatLabz performed vulnerability hunting for some of the most popular PostScript interpreters using a custom-built syntax-aware fuzzer. The PostScript interpreters that were evaluated include Adobe Acrobat Distiller and Apple’s PSNormalizer. At the time of publication, ThreatLabz has discovered three vulnerabilities (CVE-2022-35665, CVE-2022-35666, CVE-2022-35668) in Adobe Acrobat Distiller and one vulnerability (CVE-2022-32843) in Apple’s PSNormalizer. This blog presents how the syntax-aware fuzzer was developed and analyzes the results.


PostScript Language


PostScript is a stack-based programming language, where values …

acrobat adobe adobe acrobat apple aware blog cve fuzzer hunting language operations popular programming results vulnerabilities vulnerability zscaler

Visit resource

More from securityboulevard.com / Security Boulevard

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW 21 minutes ago | securityboulevard.com
agency analytics & intelligence api security bug +70
Understanding the Link Between API Exposure and Vulnerability Risks 2 hours ago | securityboulevard.com
api apis application security architectures +19
Streamline NIS2 Compliance with Automation 3 hours ago | securityboulevard.com
automation complianc compliance nis2 +4
Cybersecurity Insights with Contrast CISO David Lindner | 5/3/24 4 hours ago | securityboulevard.com
application applications breach ciso +26
A Closer Look at Top 5 Vulnerabilities of April 2024 4 hours ago | securityboulevard.com
april closer critical cybersecurity +15
Insider Risk Digest: April 6 hours ago | securityboulevard.com
breaches cases digest dive +18
CVE-2024-27322 Should Never Have Been Assigned And R Data Files Are Still Super Risky Even … 7 hours ago | securityboulevard.com
big blog cert cisa +12
The Persistent Threat of Path Traversal Vulnerabilities in Software Development 7 hours ago | securityboulevard.com
advice advisory application protection best practices +34
Top 7 VAPT Testing Tools 7 hours ago | securityboulevard.com
applications automated autosect cyber +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs