Rating: 0

TLDR: use out-of-bounds framebuffer writes to corrupt the stack, hijack execution to shellcode.
See [full writeup](https://github.com/SPRITZ-Research-Group/ctf-writeups/tree/master/csaw-finals-2017/pwn/cyberwar-350).