CVE-2020-13497Improper Restriction of Operations within the Bounds of a Memory Buffer in Openusd

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 50.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pixar Openusd
Timeline
PublishedDec 2
Latest updateMay 24

Description

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDpixar/openusd20.05

🔴Vulnerability Details

2
GHSA
GHSA-4j7x-9959-phm5: An exploitable vulnerability exists in the way Pixar OpenUSD 202022-05-24
CVEList
CVE-2020-13497: An exploitable vulnerability exists in the way Pixar OpenUSD 202020-12-02
CVE-2020-13497 — Pixar Openusd vulnerability | cvebase