CVE-2020-13498Out-of-bounds Read in Openusd

CWE-125Out-of-bounds Read5 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 50.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 2
Latest updateMay 24

Description

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5pixar/openusd20.05
NVDpixar/openusd20.05
CVEListV5apple/macosCatalina 10.15.3

🔴Vulnerability Details

2
GHSA
GHSA-6gj8-w93h-3r46: An exploitable vulnerability exists in the way Pixar OpenUSD 202022-05-24
CVEList
CVE-2020-13498: An exploitable vulnerability exists in the way Pixar OpenUSD 202020-12-02

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Pixar OpenUSD affects some versions of macOS2020-11-12
CVE-2020-13498 — Out-of-bounds Read in Pixar Openusd | cvebase