News Heading

Three Vulnerabilities Discovered in Popular Open-Source Graphic Debugger RenderDoc

Reading time: 2 min

Updated on Jun 13, 2023

  • Shipra Sanganeria

    Written by: Shipra Sanganeria Cybersecurity & Tech Writer

Three critical flaws were found in a popular, cross-platform graphic debugger tool, RenderDoc. Due to its multi-application and operating system (OS) support, the standalone software has gained prominence among developers, particularly in the gaming industry.

RenderDoc is an open-source, MIT licensed software that supports operating systems like Windows, Linux, Nintendo Switch and Android. Its single-frame capture and detailed inspection feature aids in debugging programs across various applications, like Vulkan, OpenGL, D3D12, etc.

The three flaws that were discovered by Qualys Threat Research Unit (TRU) cybersecurity researchers, include, two heap-based buffer overflow and privilege escalation. These vulnerabilities can prove to be a potential threat to security. If exploited, it can allow an attacker to manipulate and control the host’s machines, thereby increasing the risking of ‘’unauthorized access and malicious cyber activity.’’

The three vulnerabilities are:

  • CVE-2023-33865: The first vulnerability is a symlink vulnerability that a local attacker having no privilege requirement can exploit, helping them gain the privileges of the RenderDoc user.
  • CVE-2023-33864: The second is an integer underflow that leads to a heap-based buffer overflow that can be exploited by any remote attacker. Using this vulnerability, they can execute arbitrary code on the victim’s machine.
  • CVE-2023-33863: The third is an integer overflow that develops into a heap-based buffer overflow that can be used by a remote attacker to run arbitrary code on the host machine. Till now, Qualys in its investigation has not exploited this vulnerability, so the threat level of this flaw remains unknown.

On being notified about the vulnerabilities, RenderDoc immediately released a new version of its software – version 1.27, with fixes for these flaws. Version 1.26 and prior continue to have these vulnerabilities, thus remaining susceptible to attacks.

Qualys in its report also advised security teams to fix these vulnerabilities with patches as soon as possible.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Show more...