Lucene search
K
PixarOpenusd

15 matches found

CVE
CVE
added 2020/12/11 3:25 a.m.122 views

CVE-2020-13520

CVE-2020-13520 affects Pixar OpenUSD 20.05. The issue is an out-of-bounds memory corruption when reconstructing paths from binary USD files, triggered by a specially crafted malformed file. This can lead to remote code execution if a victim processes the attacker-provided file. Connected sources ...

8.8CVSS8.1AI score0.02023EPSS
CVE
CVE
added 2020/12/03 5:3 p.m.114 views

CVE-2020-13524

CVE-2020-13524 is an out-of-bounds memory corruption vulnerability in Pixar OpenUSD 20.05 that occurs when parsing SPECS data from binary USD files. A specially crafted malformed USD file can trigger an out-of-bounds memory access/modification, leading to memory corruption. Exploitation details a...

6.3CVSS6.3AI score0.00817EPSS
CVE
CVE
added 2020/12/02 5:30 p.m.105 views

CVE-2020-13498

Pixar OpenUSD 20.05 is vulnerable to an out-of-bounds read related to index handling in the USD binary file format. The Talos report details three CVEs (TfToken, String, and SdfPath index reads) where missing bounds checks on internal token/path indices can allow reading beyond the allocated arra...

5.5CVSS5.6AI score0.00856EPSS
CVE
CVE
added 2020/12/02 5:30 p.m.102 views

CVE-2020-13496

CVE-2020-13496 affects Pixar OpenUSD 20.05. The TALOS report documents a TfToken Type Index Out Of Bounds Read in the crate parsing path: the code retrieves a token index without proper bounds checks, leading to an out-of-bounds access to the _tokens array and potential information disclosure or ...

6.5CVSS6.4AI score0.0168EPSS
CVE
CVE
added 2020/12/02 5:30 p.m.95 views

CVE-2020-13497

CVE-2020-13497 affects Pixar OpenUSD 20.05. The vulnerability is a String Type Index out-of-bounds read in USD crate parsing, triggered by a specially crafted malformed file. It can lead to memory access violations and potential information disclosure or memory corruption. The Talos report confir...

5.5CVSS5.8AI score0.01186EPSS
CVE
CVE
added 2020/12/02 5:25 p.m.70 views

CVE-2020-13493

Pixar OpenUSD 20.05 is affected by a set of heap overflow vulnerabilities in the USDC file format when parsing compressed sections. The TALOS report details multiple CVEs (CVE-2020-6147, -6148, -6149, -6150, -6156) where buffers sized from file-provided counts (numFields, numFieldSets, numPaths, ...

8.8CVSS7.6AI score0.0133EPSS
CVE
CVE
added 2020/12/03 4:23 p.m.70 views

CVE-2020-13531

Pixar OpenUSD 20.08 contains a use-after-free in the processing of reference paths in textual USD files, disclosed via multiple sources including TALOS-2020-1145. The vulnerability stems from stale SdfPath references being reused after freeing memory during validation of layer offsets for referen...

8.8CVSS9AI score0.02682EPSS
CVE
CVE
added 2020/11/13 2:43 p.m.67 views

CVE-2020-6147

Pixar OpenUSD 20.05 vulnerability CVE-2020-6147 involves heap overflow when parsing USDC binary sections with compression. Four compressed sections (FIELDS, FIELDSETS, PATHS, SPECS) can trigger overflows because allocated buffers depend on file-provided counts while read sizes come from the same ...

8.8CVSS7.9AI score0.01433EPSS
CVE
CVE
added 2020/11/13 2:41 p.m.65 views

CVE-2020-6156

Pixar OpenUSD 20.05 is affected by multiple heap overflow vulnerabilities in the USDC/USD binary file format handling. The issues occur when parsing compressed sections (FIELDS, FIELDSETS, PATHS, SPECS) and path element data, where decompres­sion buffers are sized from file-provided counts and th...

8.8CVSS7.6AI score0.0133EPSS
CVE
CVE
added 2020/11/13 2:44 p.m.64 views

CVE-2020-6149

Pixar OpenUSD 20.05 is affected by heap overflow vulnerabilities in the USD binary file format USDC sections (PATHS, FIELDS, FIELDSETS, SPECS, etc.). The TALOS advisory details multiple CVEs (including CVE-2020-6149) where decompressing specific sections of binary USD files can lead to heap-based...

8.8CVSS7.6AI score0.0133EPSS
CVE
CVE
added 2022/04/18 4:15 p.m.62 views

CVE-2020-13495

Pixar OpenUSD 20.05 is affected. A specially crafted malformed binary USD file can trigger an out-of-bounds memory access in how file offsets are handled, potentially leading to disclosure of sensitive information. Exploitation details appear via PoCs in a referenced advisory; the attack requires...

5.5CVSS5.5AI score0.00683EPSS
CVE
CVE
added 2020/11/13 2:38 p.m.61 views

CVE-2020-6155

Pixar OpenUSD 20.05 binary file format vulnerability: two code paths (compressed integer and floating-point arrays) can trigger a heap-based buffer overflow while decoding the reps array in binary USD files. The overflow arises when a size read from the file and a later, larger size are used to a...

8.8CVSS7.9AI score0.02558EPSS
CVE
CVE
added 2020/12/02 5:28 p.m.60 views

CVE-2020-13494

Pixar OpenUSD 20.05 contains a heap overflow in parsing compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap-based buffer overflow, leading to out-of-bounds memory access and potential information disclosure. Exploitation requires the victim to open ...

5.5CVSS5.3AI score0.01164EPSS
CVE
CVE
added 2020/11/13 2:43 p.m.56 views

CVE-2020-6148

CVE-2020-6148 maps to Pixar OpenUSD 20.05. The vulnerability is a set of heap overflow flaws in the USD binary file format when processing compressed sections (FIELDS, FIELDSETS, PATHS, SPECS) in USDC/USD files. The root cause is incorrect buffer sizing during decompression reads, where read size...

8.8CVSS7.7AI score0.0133EPSS
CVE
CVE
added 2020/11/13 2:24 p.m.54 views

CVE-2020-6150

Four heap overflow CVEs in Pixar OpenUSD 20.05 related to USDC file format decompression of SPECS, FIELDS, FIELDSETS, and PATHS sections. TALOS-2020-1094 details exact code paths (crateFile.cpp) where unvalidated section sizes and mismatched ReadContiguous/decompression buffers allow heap-based o...

8.8CVSS7.7AI score0.0133EPSS