CVE-2020-13520

Summary

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.

Affected Software

VendorProductVersion RangeStatus
n/aPixarPixar OpenUSD 20.05 (tested in Apple macOS Catalina 10.15.3)affected

Weaknesses

  • CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

References