CVE-2020-13493: High severity Pixar OpenUSD vulnerability
Published Dec 2, 2020
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file can cause a heap overflow during decompression of path jumps, in the way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.
Affected Software
2 affected components
Pixar OpenUSD=20.05
macOS
Event History
Dec 2, 2020
CVE Published
via MITRE·05:25 PM
Data Sourced
via MITRE·05:25 PM
Frequently Asked Questions
1. What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-13493.
2. What is the severity of CVE-2020-13493?
The severity of CVE-2020-13493 is high, with a CVSS score of 7.8.
3. Which software is affected by CVE-2020-13493?
Pixar OpenUSD 20.05 is affected by CVE-2020-13493.
4. How does CVE-2020-13493 occur?
CVE-2020-13493 occurs due to a heap overflow vulnerability when parsing compressed sections in binary USD files.
5. Is Apple macOS vulnerable to CVE-2020-13493?
No, Apple macOS is not vulnerable to CVE-2020-13493.