CVE-2020-13498

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-13498

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13498.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13498

Published

2020-12-02T18:15:12.493Z

Modified

2026-03-14T10:06:01.157292Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1105

Affected packages

Git / github.com/pixaranimationstudios/usd

Affected ranges

Type

GIT

Repo

https://github.com/pixaranimationstudios/usd

Events

Introduced

Last affected

ebac0a8b6703f4fa1c27115f1f013bb9819662f4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.05"
        }
    ]
}

Affected versions

v0.*

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.5a

v18.*

v18.09

v18.11

v19.*

v19.01

v19.03

v19.05

v19.07

v19.11

v20.*

v20.02

v20.05

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13498.json"