CVE-2020-13495

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-13495

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13495.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13495

Published

2022-04-18T17:15:12.057Z

Modified

2026-03-14T10:06:00.709745Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104

Affected packages

Git / github.com/pixaranimationstudios/usd

Affected ranges

Type

GIT

Repo

https://github.com/pixaranimationstudios/usd

Events

Introduced

Last affected

ebac0a8b6703f4fa1c27115f1f013bb9819662f4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.05"
        }
    ]
}

Affected versions

v0.*

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.5a

v18.*

v18.09

v18.11

v19.*

v19.01

v19.03

v19.05

v19.07

v19.11

v20.*

v20.02

v20.05

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13495.json"