CVE-2020-13495

CVE Database · CVE-2020-13495

CVE-2020-13495

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.66%

Published

Apr 18, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-119CWE-787

Affected Products (2)

pixar · openusdvulnerable

apple · mac_os_x

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs