CVE-2020-13531: Use After Free
First published: Thu Dec 03 2020(Updated: )
A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pixar OpenUSD | =20.08 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-13531?
CVE-2020-13531 is a use-after-free vulnerability in Pixar OpenUSD 20.08 that can lead to memory corruption and arbitrary code execution.
How does CVE-2020-13531 affect Pixar OpenUSD?
CVE-2020-13531 affects Pixar OpenUSD 20.08 and can be triggered by a specially crafted file.
What is the severity level of CVE-2020-13531?
The severity level of CVE-2020-13531 is high with a CVSS score of 8.8.
How can CVE-2020-13531 be exploited?
CVE-2020-13531 can be exploited by using a specially crafted file to trigger the reuse of freed memory.
Is there a fix for CVE-2020-13531?
At the moment, there is no official fix available for CVE-2020-13531. It is recommended to update to a patched version or apply any available mitigations.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/pixar
- canonical/pixar openusd
- version/pixar openusd/20.08