TL;DR: Overflow in wasm’s stack buffer between 3M and 4M RGBA bytes to spill into an eval’d JS string, overwriting it with our own XSS payload.

Original writeup (https://ubcctf.github.io/2022/03/utctf-HTML2PDF-sigma/#sigma).