Lucene search

TalosCVELIST:CVE-2020-13520

HistoryDec 11, 2020 - 3:25 a.m.

CVE-2020-13520

2020-12-1103:25:01

CWE-119

talos

www.cve.org

pixar openusd

memory corruption

remote code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.

CNA Affected

[
  {
    "product": "Pixar",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Pixar OpenUSD 20.05 (tested in Apple macOS Catalina 10.15.3)"
      }
    ]
  }
]

References

support.apple.com/kb/HT212011

talosintelligence.com/vulnerability_reports/TALOS-2020-1120

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

Related for CVELIST:CVE-2020-13520