SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| renderdoc | renderdoc | * |
StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| renderdoc | renderdoc | * |
RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| renderdoc | renderdoc | * |