25 matches found
Microsoft Azure Sphere Denial of Service Vulnerability (CNVD-2020-73757)
Microsoft Azure Sphere is an appliance from the American company Microsoft that is used to provide security in cloud environments. A denial of service vulnerability exists in Microsoft Azure Sphere version 20.05, which stems from the asynchronous ioctl feature of Microsoft Azure Sphere 20.05. An attacker could...
CVE-2020-13524
CVE-2020-13524 is an out-of-bounds memory corruption vulnerability in Pixar OpenUSD 20.05 that occurs when parsing SPECS data from binary USD files. A specially crafted malformed USD file can trigger an out-of-bounds memory access/modification, leading to memory corruption. Exploitation details a...
CVE-2020-13494
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability...
CVE-2020-13498
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and a...
CVE-2020-13497
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitatio...
Design/Logic Flaw
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitatio...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file can trigger a heap overflow during path jumps decompression, in the way path jumps are processed. To trigger this vulnerability, the victim needs to open an...
CVE-2020-13498
Pixar OpenUSD 20.05 is vulnerable to an out-of-bounds read related to index handling in the USD binary file format. The Talos report details three CVEs (TfToken, String, and SdfPath index reads) where missing bounds checks on internal token/path indices can allow reading beyond the allocated arra...
CVE-2020-13497
CVE-2020-13497 affects Pixar OpenUSD 20.05. The vulnerability is a String Type Index out-of-bounds read in USD crate parsing, triggered by a specially crafted malformed file. It can lead to memory access violations and potential information disclosure or memory corruption. The Talos report confir...
CVE-2020-13496
CVE-2020-13496 affects Pixar OpenUSD 20.05. The TALOS report documents a TfToken Type Index Out Of Bounds Read in the crate parsing path: the code retrieves a token index without proper bounds checks, leading to an out-of-bounds access to the _tokens array and potential information disclosure or ...
CVE-2020-13493
Pixar OpenUSD 20.05 is affected by a set of heap overflow vulnerabilities in the USDC file format when parsing compressed sections. The TALOS report details multiple CVEs (CVE-2020-6147, -6148, -6149, -6150, -6156) where buffers sized from file-provided counts (numFields, numFieldSets, numPaths, ...
Pixar OpenUSD Buffer Error Vulnerability
Pixar OpenUSD is software from the American company Pixar that generates 3D computer scenes. The software is widely used in the animation and game industries for designing 3D scenes. A security vulnerability exists in Pixar OpenUSD 20.05 that stems from an exploitable flaw in the way it...
CVE-2020-6155
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an...
CVE-2020-6156
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. This instance is in the USDC file format path element token index...
CVE-2020-6147
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...
CVE-2020-6149
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. This instance is in the USDC file format PATHS section...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. This instance is in the USDC file format path element token index...
Heap overflow
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...
CVE-2020-6149
Pixar OpenUSD 20.05 is affected by heap overflow vulnerabilities in the USD binary file format USDC sections (PATHS, FIELDS, FIELDSETS, SPECS, etc.). The TALOS advisory details multiple CVEs (including CVE-2020-6149) where decompressing specific sections of binary USD files can lead to heap-based...