SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
https://security.gentoo.org/glsa/202311-10
https://lists.debian.org/debian-lts-announce/2023/07/msg00023.html