Three critical vulnerabilities have been identified in RenderDoc, a graphics debugger that supports several operating systems, including Windows, Linux, Android and Nintendo Switch.
The software holds a prominent position in the game development tooling space, as it integrates with major game engines such as Unity and Unreal.
According to cybersecurity experts from the Qualys Threat Research Unit (TRU), the three vulnerabilities comprise one instance of privilege escalation and two heap-based buffer overflows.
The first of these flaws (tracked as CVE-2023-33865) is a symlink vulnerability that can be exploited by a local attacker with no privilege requirement, most likely granting them the privileges of the RenderDoc user.
The second (tracked as CVE-2023-33864) involves an integer underflow that leads to a heap-based buffer overflow. This vulnerability can be remotely exploited by an attacker to execute arbitrary code on the host machine.
The third vulnerability (tracked as CVE-2023-33863) is an integer overflow that results in a heap-based buffer overflow. Although Qualys said no exploitation attempts have been made so far, the flaw could be exploited by a remote attacker to run arbitrary code on the target machine.
“These three vulnerabilities serve as a sobering reminder of the regular vigilance expected in our digital world,” explained Saeed Abbasi, manager of vulnerability research at Qualys.
The security specialist also emphasized that understanding these vulnerabilities is the first step in strengthening companies’ defenses.
“Qualys strongly advises security teams to use patches for these vulnerabilities as soon as possible,” Abbasi concluded.
More information about the flaws is available on Qualys’s website.
Some sections of this report are sourced from:
www.infosecurity-journal.com