Vulnerabilities > CVE-2020-13495 - Out-of-bounds Write vulnerability in Pixar Openusd 20.05

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

pixar

CWE-787

NVD

Published: 2022-04-18

Updated: 2022-04-26

Summary

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

Vulnerable Configurations

Part	Description	Count
Application	Pixar Pixar Openusd 20.05	1
OS	Apple Apple MAC OS X 10.15.3	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104