CVE-2020-6147Heap-based Buffer Overflow in Openusd

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 56.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IpadosApple Iphone OSPixar Openusd
Timeline
PublishedNov 13
Latest updateMay 24

Description

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDpixar/openusd20.05
NVDapple/ipados< 14.0
NVDapple/iphone_os< 14.0

🔴Vulnerability Details

2
GHSA
GHSA-7c72-wmjh-7cpf: A heap overflow vulnerability exists in Pixar OpenUSD 202022-05-24
CVEList
CVE-2020-6147: A heap overflow vulnerability exists in Pixar OpenUSD 202020-11-13
CVE-2020-6147 — Heap-based Buffer Overflow in Openusd | cvebase