← Back

CVE-2020-13524

nvd nist
Published: Dec 3, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

Affected (19)

Products: Pixar: Openusd · Apple: Mac Os X, Macos
Pixar
1 product
Openusd
Apple
2 products
Mac Os X
Macos
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openusd
Version 20.05
Configuration B
18 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Mac Os X
From 10.14.0 to 10.14.6
Mac Os X
From 10.15 to 10.15.7
Mac Os X
Version 10.14.6 security_update_2019-001
Mac Os X
Version 10.14.6 security_update_2019-002
Mac Os X
Version 10.14.6 security_update_2019-004
Mac Os X
Version 10.14.6 security_update_2019-005
Mac Os X
Version 10.14.6 security_update_2019-006
Mac Os X
Version 10.14.6 security_update_2019-007
Mac Os X
Version 10.14.6 security_update_2020-001
Mac Os X
Version 10.14.6 security_update_2020-002
Mac Os X
Version 10.14.6 security_update_2020-003
Mac Os X
Version 10.14.6 security_update_2020-004
Mac Os X
Version 10.14.6 security_update_2020-005
Mac Os X
Version 10.14.6 security_update_2020-006
Mac Os X
Version 10.14.6 supplemental_update
Mac Os X
Version 10.14.6 supplemental_update_2
Mac Os X
Version 10.15.7 security_update_2020-001
Macos
From 11.0 to 11.1

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Third Party Advisory
Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.