Description
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/32
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/26
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212011
Scores
CVSS v3
5.5
EPSS
0.0082
EPSS Percentile
52.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (5)
apple/mac_os_x
10.14.6 security_update_2019-001 (14 CPE variants)
apple/mac_os_x
10.15.7 security_update_2020-001
apple/mac_os_x
10.14.0 - 10.14.6
apple/macos
11.0 - 11.1
pixar/openusd
20.05
Published
Dec 03, 2020
Tracked Since
Feb 18, 2026