CVE-2023-33863

Published: Jun 7, 2023

Modified: Nov 3, 2025

PUBLISHED

Description

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://renderdoc.org/

https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt

20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863

mailing-list

http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html

[debian-lts-announce] 20230725 [SECURITY] [DLA 3501-1] renderdoc security update

mailing-list

GLSA-202311-10

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-33863

Description

Affected Products

References