It was discovered that browserify-sign incorrectly handled an upper bound check
in signature verification. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a signature forgery attack.

Read More