1. UberZ Archive Vulnerability: Out-of-Bounds Write in Pointer Conversion Exposes GLTFIO, Tools to Memory Corruption
A critical vulnerability in the UberZ archive format's pointer conversion function exposes applications to memory corruption and crashes when processing untrusted files. The flaw resides in `uberz::convertOffsetsToPointers`, which rewrites attacker-controlled offsets from a decompressed archive into live pointers witho...