> Most readers of binary file formats can be made to read memory outside the buffer by corrupting the data
I'm pretty sure that would be considered a serious security bug for any format likely to be displayed in a web browser. For instance, an image format with such a bug would allow you to implement a heartbleed-like attack on a user's browser by displaying a malicious image and then reading back the pixel values. That would be very, very bad.
But I can believe that your statement applies to formats used by games for their own assets, where those assets come directly from the game developer.
I'm pretty sure that would be considered a serious security bug for any format likely to be displayed in a web browser. For instance, an image format with such a bug would allow you to implement a heartbleed-like attack on a user's browser by displaying a malicious image and then reading back the pixel values. That would be very, very bad.
But I can believe that your statement applies to formats used by games for their own assets, where those assets come directly from the game developer.