Vulnerability Description
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification, which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pixar | OpenUSD | 20.05 |
| Apple | Mac OS X | >= 10.14.0, < 10.14.6 |
| Apple | macOS | >= 11.0, < 11.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2020/Dec/26 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2020/Dec/32 (Mailing List, Third Party Advisory)
- https://support.apple.com/kb/HT212011 (Third Party Advisory)
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-13524?
CVE-2020-13524 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory acc...
How severe is CVE-2020-13524?
CVE-2020-13524 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13524?
Check the references section above for vendor advisories and patch information. Affected products include: Pixar OpenUSD, Apple Mac OS X, Apple macOS.