Lucene search

TalosCVELIST:CVE-2020-13495

HistoryApr 18, 2022 - 4:15 p.m.

CVE-2020-13495

2022-04-1816:15:20

CWE-119

talos

www.cve.org

vulnerability

pixar openusd

out-of-bounds

memory access

sensitive information

file

exploitation

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

CNA Affected

[
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "status": "affected",
        "version": "Catalina 10.15.3"
      }
    ]
  },
  {
    "product": "OpenUSD",
    "vendor": "Pixar",
    "versions": [
      {
        "status": "affected",
        "version": "20.05"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1104

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVELIST:CVE-2020-13495