PT-2020-13597 · Pixar+1 · Pixar Openusd+1

Aleksandar Nikolic

Published

2020-12-11

Updated

2022-06-07

CVE-2020-13520

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description A memory corruption issue exists due to the way Pixar OpenUSD reconstructs paths from binary USD files. This can be triggered by a specially crafted malformed file, potentially leading to remote code execution. The victim must access an attacker-provided malformed file to trigger this issue.

Recommendations For Pixar OpenUSD version 20.05, consider avoiding the use of binary USD files from untrusted sources until a patch is available. As a temporary workaround, restrict access to files that could potentially trigger this issue to minimize the risk of exploitation.

Exploit

Fix

RCE

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

CVE-2020-13520

Affected Products

Apple Macos

Pixar Openusd

PT-2020-13597 · Pixar+1 · Pixar Openusd+1

CVE-2020-13520

Weakness Enumeration

Related Identifiers

Affected Products

References · 7