CVE-2020-13495Improper Restriction of Operations within the Bounds of a Memory Buffer in Openusd

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write5 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 56.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosPixar Openusd
Timeline
PublishedApr 18
Latest updateApr 19

Description

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5pixar/openusd20.05
NVDpixar/openusd20.05
CVEListV5apple/macosCatalina 10.15.3

🔴Vulnerability Details

2
GHSA
GHSA-5g9c-4xc2-67c7: An exploitable vulnerability exists in the way Pixar OpenUSD 202022-04-19
CVEList
CVE-2020-13495: An exploitable vulnerability exists in the way Pixar OpenUSD 202022-04-18

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
CVE-2020-13495 — Pixar Openusd vulnerability | cvebase