emecas / commitit

Apache License 2.0

[Security] Finding Vulnerability Variants at Scale - file format vulnerability #183

Open emecas opened 1 month ago

emecas commented 1 month ago

https://blackwinghq.com/blog/posts/finding-vulnerability-variants-at-scale/

While performing a security audit, I discovered a file format vulnerability that took me down an unexpected rabbit hole. The bug was fairly straightforward, but what made it interesting was its origin and its variants found across numerous popular projects.