CVE-2019-16142: Improper Input Validation in renderdoc

August 25, 2021 (updated June 13, 2023)

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior. The flaw was corrected in release 0.5.0.

References

github.com/advisories/GHSA-vhfr-v4w9-45v8
github.com/ebkalderon/renderdoc-rs
github.com/ebkalderon/renderdoc-rs/pull/32
nvd.nist.gov/vuln/detail/CVE-2019-16142
rustsec.org/advisories/RUSTSEC-2019-0018.html

Detect and mitigate CVE-2019-16142 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →