Fluid Attacks Database

Description

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	renderdoc	=1.11+dfsg-5 \|\| >=0 <1.11+dfsg-5+deb11u1	1.11+dfsg-5+deb11u1
debian 12	renderdoc	=1.24+dfsg-1 \|\| >=0 <1.24+dfsg-1+deb12u1	1.24+dfsg-1+deb12u1

Aliases

1. CVE-2023-338642. NVD-2023-338643. OSV-DEBIAN-2023-338644. OSV-2023-338645. SECURITY-TRACKER-CVE-2023-33864

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.