CVE-2020-13495
4.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apple | macOS | Catalina 10.15.3 | affected |
| Pixar | OpenUSD | 20.05 | affected |
Weaknesses
- CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.