← Volver a CVEs
CVE-2020-13494
MEDIUM5.5
Descripcion
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado12/2/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
apple:macospixar:openusd
Debilidades (CWE)
CWE-122CWE-787
Referencias
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.