@sun @pernia Some boards allowed posting PDFs, but the backend didn't check, if the file was actually a PDF, so the hacker in their own words uploaded a Postscript file that exploited the ghostscript version from 2012 and that was their entry. Then they misused an suid binary that shouldn't have been an suid binary.