"Three Vulnerabilities Discovered in Game Dev Tool RenderDoc"

Three critical vulnerabilities have recently been discovered in RenderDoc, a graphics debugger that supports multiple operating systems, including Windows, Linux, Android, and Nintendo Switch.  The software holds a prominent position within the gaming development software arena, as it seamlessly integrates with leading gaming software engines such as Unity and Unreal.  Security researchers from Qualys Threat Research Unit (TRU) discovered the vulnerabilities.  The first of these flaws (tracked CVE-2023-33865) is a symlink vulnerability that can be exploited by a local attacker with no privilege requirement, potentially granting them the privileges of the RenderDoc user.  The second (tracked CVE-2023-33864) involves an integer underflow that leads to a heap-based buffer overflow.   The researchers noted that an attacker can remotely exploit this vulnerability to execute arbitrary code on the host machine.  The third vulnerability (tracked CVE-2023-33863) is an integer overflow that results in a heap-based buffer overflow.  While the researchers said no exploitation attempts had been made so far, the flaw could be exploited by a remote attacker to run arbitrary code on the target machine.

Infosecurity reports: "Three Vulnerabilities Discovered in Game Dev Tool RenderDoc"