Techly NewsGet the app

Get the latest tech news

Bypassing Apache Fop PostScript Escaping to Reach GhostScript


ublished on Fri 27 February 2026 by @sigabrt9 Introduction A few months ago, I came across a bug bounty program for an application that uses Apache FOP (Formatting Objects Processor) to generate PostScript files from user supplied XML, then runs GhostScript to generate a PDF. This feature seemed really appealing and very bug prone.

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Ghostscript

Ghostscript

Related news:

News photo

CVE-2024-29510 – Exploiting Ghostscript using format strings

« OpenAI Is Walking Away From Expanding Its Stargate Data Center With Oracle
Isotopic Evidence for a Cold and Distant Origin of Interstellar Object 3I/Atlas »