Arbitrary Out-of-Bounds Memory Access in Pixar OpenUSD by Pixar
CVE-2020-13495

4.3MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS; Openusd
Vendor: CVE Published:; 18 April 2022

Summary

An exploitable vulnerability in Pixar OpenUSD 20.05 can be triggered by specially crafted binary USD files, where incorrect handling of file offsets leads to arbitrary out-of-bounds memory access. This flaw could potentially allow attackers to disclose sensitive information, as it might bypass existing mitigations and facilitate further exploitation. To exploit this vulnerability, victims must access a maliciously crafted file provided by the attacker.

Affected Version(s)

macOS Catalina 10.15.3

OpenUSD 20.05

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2022
Vulnerability Reserved
May 26, 2020