CVE-2023-33864

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32tmBufferSize-mInputSize even though mInputSize can exceed mBufferSize...

CVE-2023-33863

CVE-2023-33863 and related issues in RenderDoc (before 1.27) : The vulnerability set includes an integer overflow in SerialiseValue that leads to a heap-based buffer overflow, a second overflow pathway in StreamReader.ReadFromExternal (uint32_t(m_BufferSize−m_InputSize)), and a local privilege es...

RenderDoc 输入验证错误漏洞

RenderDoc is a standalone graphics debugger from the RenderDoc open source. An input validation error vulnerability exists in RenderDoc 1.26 and earlier versions, which stems from allowing integer overflows and causing buffer overflows...

Behind the Screen: Three Vulnerabilities in RenderDoc

The Qualys Threat Research Unit TRU has discovered three vulnerabilities in RenderDoc. This blog will delve into the details of these three newly discovered vulnerabilities found within RenderDocs implementation. As part of our ongoing commitment to safeguard digital assets and strengthen...

PT-2023-3263 · Renderdoc · Renderdoc

Name of the Vulnerable Software and Affected Versions: RenderDoc versions prior to 1.27 Description: The issue is related to the incorrect handling of symbolic links before accessing a file in the RenderDoc library. This can allow an attacker to escalate their privileges. The vulnerability relies...

GHSA-VHFR-V4W9-45V8 Improper Input Validation in renderdoc

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

Improper Input Validation in renderdoc

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

CVE-2019-16142

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application...

Code injection

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application...

CVE-2019-16142

An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application...

CVE-2019-16142

The CVE-2019-16142 issue affects the renderdoc crate for Rust prior to 0.5.0, where multiple exposed methods take self by immutable reference. This design is incompatible with a mutable interior state and can be unsafe when called from multiple threads without synchronization. Reported across Red...

RUSTSEC-2019-0018 Internally mutating methods take immutable ref self

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

Internally mutating methods take immutable ref self

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...