CVE-2023-33865

RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership...

CVE-2023-33863

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff SIZEMAX and then there is an attempt to add 1...

CVE-2023-33864

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32tmBufferSize-mInputSize even though mInputSize can exceed mBufferSize...

Behind the Screen: Three Vulnerabilities in RenderDoc

The Qualys Threat Research Unit TRU has discovered three vulnerabilities in RenderDoc. This blog will delve into the details of these three newly discovered vulnerabilities found within RenderDocs implementation. As part of our ongoing commitment to safeguard digital assets and strengthen...

PT-2023-3263 · Renderdoc · Renderdoc

Name of the Vulnerable Software and Affected Versions: RenderDoc versions prior to 1.27 Description: The issue is related to the incorrect handling of symbolic links before accessing a file in the RenderDoc library. This can allow an attacker to escalate their privileges. The vulnerability relies...

GHSA-VHFR-V4W9-45V8 Improper Input Validation in renderdoc

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

Improper Input Validation in renderdoc

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

CVE-2019-16142

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application...

Code injection

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application...

CVE-2019-16142

The CVE-2019-16142 issue affects the renderdoc crate for Rust prior to 0.5.0, where multiple exposed methods take self by immutable reference. This design is incompatible with a mutable interior state and can be unsafe when called from multiple threads without synchronization. Reported across Red...

CVE-2019-16142

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application...

RUSTSEC-2019-0018 Internally mutating methods take immutable ref self

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

Internally mutating methods take immutable ref self

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...