This write up on finding arbitrary code execution in ExifTool is interesting both because it's Perl code that I used almost 20 year ago (and is still the best way to do it!), and that it's a great explanation of finding and exploiting vulnerable code.