CVE-2020-13496Improper Restriction of Operations within the Bounds of a Memory Buffer in Openusd

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read5 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 39.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pixar Openusd
Timeline
PublishedDec 2
Latest updateMay 24

Description

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDpixar/openusd20.05

🔴Vulnerability Details

2
GHSA
GHSA-65gp-vp7v-4x4h: An exploitable vulnerability exists in the way Pixar OpenUSD 202022-05-24
CVEList
CVE-2020-13496: An exploitable vulnerability exists in the way Pixar OpenUSD 202020-12-02

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
CVE-2020-13496 — Pixar Openusd vulnerability | cvebase