CVE-2020-13494
4.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Pixar | Pixar OpenUSD 20.05, Apple macOS Catalina 10.15.3 | affected |
Weaknesses
- CWE-122: CWE-122: Heap-based Buffer Overflow
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.