CVE-2020-13496: Buffer Overflow
First published: Wed Dec 02 2020(Updated: )
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pixar OpenUSD | =20.05 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-13496.
What is the severity rating of CVE-2020-13496?
CVE-2020-13496 has a severity rating of 6.5 (Medium).
What software is affected by CVE-2020-13496?
Pixar OpenUSD version 20.05 is affected by CVE-2020-13496.
How can an attacker exploit CVE-2020-13496?
An attacker can exploit CVE-2020-13496 by using a specially crafted malformed file to trigger an arbitrary out of bounds memory access in TfToken Type Index.
Is Apple macOS vulnerable to CVE-2020-13496?
No, Apple macOS is not vulnerable to CVE-2020-13496.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pixar
- canonical/pixar openusd
- version/pixar openusd/20.05
- vendor/apple
- canonical/apple ios and macos