CVE-2020-13494
First published: Wed Dec 02 2020(Updated: )
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pixar OpenUSD | =20.05 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13494?
CVE-2020-13494 is a heap overflow vulnerability in Pixar OpenUSD 20.05 that allows for out of bounds memory access and potential information disclosure.
How does CVE-2020-13494 occur?
CVE-2020-13494 occurs when the Pixar OpenUSD 20.05 parser encounters compressed string tokens in binary USD files.
What is the severity of CVE-2020-13494?
CVE-2020-13494 has a severity rating of medium, with a CVSS score of 5.5.
Which software versions are affected by CVE-2020-13494?
Pixar OpenUSD version 20.05 is affected by CVE-2020-13494.
How can CVE-2020-13494 be mitigated?
To mitigate CVE-2020-13494, users should update to a patched version of Pixar OpenUSD as soon as it becomes available.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pixar
- canonical/pixar openusd
- version/pixar openusd/20.05
- vendor/apple
- canonical/apple ios and macos