CVE-2020-13494

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-13494

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13494.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13494

Published

2020-12-02T18:15:12.307Z

Modified

2026-03-14T10:06:00.556973Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103

Affected packages

Git / github.com/pixaranimationstudios/usd

Affected ranges

Type

GIT

Repo

https://github.com/pixaranimationstudios/usd

Events

Introduced

Last affected

ebac0a8b6703f4fa1c27115f1f013bb9819662f4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.05"
        }
    ]
}

Affected versions

v0.*

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.5a

v18.*

v18.09

v18.11

v19.*

v19.01

v19.03

v19.05

v19.07

v19.11

v20.*

v20.02

v20.05

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13494.json"