CVE-2020-13496
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
Se presenta una vulnerabilidad explotable en la manera en que Pixar OpenUSD versión 20.05, maneja determinados tipos codificados. Un archivo malformado especialmente diseñado puede desencadenar un acceso arbitrario a la memoria fuera de los límites en TfToken Type Index. Esta vulnerabilidad podría ser usada para omitir unas mitigaciones y ayudar a una mayor explotación. Para desencadenar esta vulnerabilidad, la víctima necesita acceder a un archivo malformado proporcionado por un atacante
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-26 CVE Reserved
- 2020-12-02 CVE Published
- 2024-04-06 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1105 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Pixar Search vendor "Pixar" | Openusd Search vendor "Pixar" for product "Openusd" | 20.05 Search vendor "Pixar" for product "Openusd" and version "20.05" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|