Home > Vulnerability Database > CVE-2020-13494

Mend.io Vulnerability Database

CVE-2020-13494

Good to know:

Date: December 2, 2020

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.

Language: C

Severity Score

5.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-13494

Url: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1103

Url: https://www.mend.io/vulnerability-database/CVE-2020-13494

Severity Score

5.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version 20.11

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-13494

Good to know:

Date: December 2, 2020

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?