PT-2019-14538 · Renderdoc · Renderdoc

Published

2019-09-02

Updated

2021-08-25

CVE-2019-16142

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions renderdoc crate versions prior to 0.5.0

Description The issue arises from methods in the renderdoc crate that take self by immutable reference, which is incompatible with multi-threaded applications and can lead to unexpected behavior when called without synchronization. This technically unsound behavior can result in unpredictable outcomes.

Recommendations For versions prior to 0.5.0, update to release 0.5.0 to resolve the issue. As a temporary workaround, consider synchronizing access to methods that take self by immutable reference to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2019-16142

GHSA-VHFR-V4W9-45V8

RUSTSEC-2019-0018

Affected Products

Renderdoc

PT-2019-14538 · Renderdoc · Renderdoc

CVE-2019-16142

Weakness Enumeration

Related Identifiers

Affected Products

References · 8