CVE-2020-13495: Buffer Overflow
First published: Thu Nov 12 2020(Updated: )
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pixar OpenUSD | =20.05 | |
| Apple Mac OS X | =10.15.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13495?
CVE-2020-13495 is a vulnerability in Pixar OpenUSD 20.05 that allows for arbitrary out-of-bounds memory access and disclosure of sensitive information.
How does CVE-2020-13495 affect Pixar OpenUSD?
CVE-2020-13495 affects Pixar OpenUSD 20.05 by mishandling file offsets in binary USD files.
What is the severity of CVE-2020-13495?
The severity of CVE-2020-13495 is medium, with a CVSS score of 5.5.
Is CVE-2020-13495 exploitable on Apple Mac OS X 10.15.3?
No, CVE-2020-13495 is not exploitable on Apple Mac OS X 10.15.3.
How can CVE-2020-13495 be fixed?
To fix CVE-2020-13495, users should update to the latest version of Pixar OpenUSD 20.05.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/pixar
- canonical/pixar openusd
- version/pixar openusd/20.05
- vendor/apple
- canonical/apple mac os x
- version/apple mac os x/10.15.3