Out of Bounds Memory Access in Pixar OpenUSD Product
CVE-2020-13498

4.3MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS; Openusd
Vendor: CVE Published:; 2 December 2020

Summary

A vulnerability exists in Pixar OpenUSD 20.05 due to improper handling of certain encoded types, which can result in an out of bounds memory access. This can be exploited through specially crafted malformed files, allowing an attacker to disclose sensitive information. Users are at risk if they access these malicious files, which may bypass existing mitigations and facilitate further exploitation.

Affected Version(s)

macOS Catalina 10.15.3

OpenUSD 20.05

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 2, 2020
Vulnerability Reserved
May 26, 2020