CVE-2020-13495

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

Published: Apr 18, 2022
Updated: Apr 13, 2023
CVE: CVE-2020-13495
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
pixar / openusd	20.05	20.05.x

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104

Vulnerability Database

289,689

CVE-2020-13495