The amount of attack surface in various format parsers is pretty stunning and terrifying indeed

Theres a malaysian movie where the main premise is a hacker who uses pdf executions to steal one cent from every persons bank account. Its pretty interesting.

The "code execution" in PDF parsing is what enabled this legendary zero-click, zero-day exploit of iOS devices: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...

AI agents run in isolated VMs, but PDFs have been out here running in the open for 30 years!

This isn't even the beginning of what's possible in PDFs.