CVE-2020-13524
03.12.2020, 18:15
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.Enginsight
| Vendor | Product | Version |
|---|---|---|
| pixar | openusd | 20.05 |
| apple | mac_os_x | 10.14.0 ≤ 𝑥 < 10.14.6 |
| apple | mac_os_x | 10.15 ≤ 𝑥 < 10.15.7 |
| apple | mac_os_x | 10.14.6:security_update_2019-001 |
| apple | mac_os_x | 10.14.6:security_update_2019-002 |
| apple | mac_os_x | 10.14.6:security_update_2019-004 |
| apple | mac_os_x | 10.14.6:security_update_2019-005 |
| apple | mac_os_x | 10.14.6:security_update_2019-006 |
| apple | mac_os_x | 10.14.6:security_update_2019-007 |
| apple | mac_os_x | 10.14.6:security_update_2020-001 |
| apple | mac_os_x | 10.14.6:security_update_2020-002 |
| apple | mac_os_x | 10.14.6:security_update_2020-003 |
| apple | mac_os_x | 10.14.6:security_update_2020-004 |
| apple | mac_os_x | 10.14.6:security_update_2020-005 |
| apple | mac_os_x | 10.14.6:security_update_2020-006 |
| apple | mac_os_x | 10.14.6:supplemental_update |
| apple | mac_os_x | 10.14.6:supplemental_update_2 |
| apple | mac_os_x | 10.15.7:security_update_2020-001 |
| apple | macos | 11.0 ≤ 𝑥 < 11.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References