← Back to CVEs
CVE-2020-13494
MEDIUM5.5
Description
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published12/2/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
apple:macospixar:openusd
Weaknesses (CWE)
CWE-122CWE-787
References
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.