Vulnerabilities > CVE-2020-13524 - Out-of-bounds Write vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

pixar

apple

CWE-787

NVD

Published: 2020-12-03

Updated: 2022-06-07

Summary

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

Vulnerable Configurations

Part	Description	Count
Application	Pixar Pixar Openusd 20.05	1
OS	Apple Apple MAC OS X 10.15 Apple MAC OS X 10.15.1 Apple MAC OS X 10.15.4 Apple MAC OS X 10.15.5 Apple MAC OS X 10.15.6 Apple MAC OS X 10.14.0 Apple MAC OS X 10.14.1 Apple MAC OS X 10.14.2 Apple MAC OS X 10.14.3 Apple MAC OS X 10.14.4 Apple MAC OS X 10.14.5 Apple MAC OS X 10.14.6 Apple MAC OS X 10.15.7 Apple Macos 11.0 Apple Macos 11.0.1	29

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References