SerialiseValue in RenderDoc prior to 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
renderdoc renderdoc |