CVE-2020-13524 - Out-of-bounds Write vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH
Summary
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://seclists.org/fulldisclosure/2020/Dec/26
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://support.apple.com/kb/HT212011
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125