christ i thought this security vulnerability was only gonna be like a plugin / Lua scripting scope issue or something (more common in emulators but less commonly exploited) but no, the ROM can just inject into the emulator’s memory basically however it wants, because there are no restrictions/translations on writes to three‐quarters of the 32‐bit address space (and no ASLR!). full writeup here.
this is actually moderately serious — just don’t use Project64, i mean even besides this security issue there’s really no reason to. well, unless there are some romhacks that are only compatible with this specific version of PJ64?? wow i hope those don’t exist. they almost certainly exist.