CVE-2020-13497

CVSS 4.3 MEDIUMEPSS 1.2%CWE-119

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.3EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

02 Dec 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

n/a · Pixar

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1105