-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2020-13495 Security issue (NIST 5.5) #1966
Comments
Filed as internal issue #USD-7524 |
This problem was fixed in version 20.11, but this CVE was somehow left out of the CHANGELOG. I'll update it, thanks! |
Thanks.
From: Alex Mohr ***@***.***>
Sent: 04 August 2022 22:50
To: PixarAnimationStudios/USD ***@***.***>
Cc: GraemeMcCarthy ***@***.***>; Author ***@***.***>
Subject: Re: [PixarAnimationStudios/USD] CVE-2020-13495 Security issue (NIST 5.5) (Issue #1966)
This problem was fixed in version 20.11, but this CVE was somehow left out of the CHANGELOG. I'll update it, thanks!
—
Reply to this email directly, view it on GitHub<#1966 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A2IRT67NJWVHNB2SU6ZGNCTVXQ3JVANCNFSM545AMPWA>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
…-----------------
Siemens Industry Software Limited is a limited company registered in England and Wales.
Registered number: 3476850.
Registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 7BF.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of Issue
CVE-2020-13495
https://nvd.nist.gov/vuln/detail/CVE-2020-13495
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104
Steps to Reproduce
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.
System Information (OS, Hardware)
n/a
Package Versions
20.05
Build Flags
n/a
The text was updated successfully, but these errors were encountered: