Interesting vulnerability.

Having just written a DER parser I found the format way more complicated than expected. For security, simplicity is better. Note that every time you connect to an HTTPS web site, your browser is attempting to parse DER files (the certificates) that are attacker-controlled and can contain corrupt data. Scary stuff.