Three critical vulnerabilities have been discovered in RenderDoc, a graphics debugger that supports multiple operating systems including Windows, Linux, Android and Nintendo Switch.
The software seamlessly integrates with leading game software engines such as Unity and Unreal, making it a key player in the game development software arena.
according to findings A team of cybersecurity experts at the Qualys Threat Research Unit (TRU) identified three vulnerabilities, one privilege escalation and two heap-based buffer overflows.
The first of these flaws (tracked CVE-2023-33865) is a symbolic link vulnerability that can be exploited by a local attacker without requiring privileges to grant the privileges of the RenderDoc user .
For more information about the privilege escalation vulnerability, see CISA: Patch bug exploited by Chinese e-commerce app.
The second (tracked by CVE-2023-33864) involves an integer underflow that causes a heap-based buffer overflow. This vulnerability could be exploited remotely by an attacker to execute arbitrary code on the host machine.
The third vulnerability (tracked CVE-2023-33863) is an integer overflow that causes a heap-based buffer overflow.in the meantime qualis Although no exploitation attempts have been made so far, he said a remote attacker could exploit this flaw to execute arbitrary code on the target machine.
“These three vulnerabilities are a solemn reminder of the constant vigilance required in our digital world,” explains Saeed Abbasi, Vulnerability Research Manager at Qualys.
Security experts also stressed that understanding these vulnerabilities is the first step to improving a company’s defenses.
“Qualys strongly advises security teams to patch these vulnerabilities as soon as possible,” Abbasi concluded.
Please refer to the Qualys website for details of the defect. blog.
