- Network problems delay flights at two oneworld Alliance airlines
- Leveraging Avaya Experience Platform to accelerate your digital banking transformation
- The best iRobot vacuums of 2024: Expert tested and reviewed
- This simple Gmail trick gave me another 15GB of storage for free - and I didn't lose any files
- Why Oura Ring 4 is ZDNET's product of the year - besting Samsung, Apple, and others in 2024
Three Vulnerabilities Discovered in Game Dev Tool RenderDoc
Three critical vulnerabilities have been discovered in RenderDoc, a graphics debugger that supports multiple operating systems, including Windows, Linux, Android and Nintendo Switch.
The software holds a prominent position within the gaming development software arena, as it seamlessly integrates with leading gaming software engines such as Unity and Unreal.
As per the findings of cybersecurity specialists from Qualys Threat Research Unit (TRU), a trio of vulnerabilities has been identified, comprising one instance of privilege escalation and two heap-based buffer overflows.
The first of these flaws (tracked CVE-2023-33865) is a symlink vulnerability that can be exploited by a local attacker with no privilege requirement, potentially granting them the privileges of the RenderDoc user.
The second (tracked CVE-2023-33864) involves an integer underflow that leads to a heap-based buffer overflow. This vulnerability can be remotely exploited by an attacker to execute arbitrary code on the host machine.
The third vulnerability (tracked CVE-2023-33863) is an integer overflow that results in a heap-based buffer overflow. While Qualys said no exploitation attempts had been made so far, the flaw could be exploited by a remote attacker to run arbitrary code on the target machine.
“These three vulnerabilities serve as a sobering reminder of the constant vigilance required in our digital world,” explained Saeed Abbasi, manager of vulnerability research at Qualys.
The security expert also emphasized that comprehending these vulnerabilities serves as the initial stride in strengthening companies’ defenses.
“Qualys strongly advises security teams to apply patches for these vulnerabilities as soon as possible,” Abbasi concluded.
More information about the flaws is available on Qualys’s blog.