CVE-2020-13494Heap-based Buffer Overflow in Openusd

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow5 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 54.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pixar Openusd
Timeline
PublishedDec 2
Latest updateMay 24

Description

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDpixar/openusd20.05

🔴Vulnerability Details

2
GHSA
GHSA-j3x9-vvcx-3wc5: A heap overflow vulnerability exists in the Pixar OpenUSD 202022-05-24
CVEList
CVE-2020-13494: A heap overflow vulnerability exists in the Pixar OpenUSD 202020-12-02

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
CVE-2020-13494 — Heap-based Buffer Overflow in Openusd | cvebase