CVE-2020-13496

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13496

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13496.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13496

Published

2020-12-02T18:15:12.353Z

Modified

2025-11-20T11:11:37.570518Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1105

Affected packages

Git / github.com/pixaranimationstudios/usd

Affected ranges

Type: GIT
Repo: https://github.com/pixaranimationstudios/usd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ebac0a8b6703f4fa1c27115f1f013bb9819662f4

Affected versions

v0.*

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.5a

v18.*

v18.09

v18.11

v19.*

v19.01

v19.03

v19.05

v19.07

v19.11

v20.*

v20.02

v20.05