CVE-2020-13495
Description
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds memory access in Pixar OpenUSD 20.05 when parsing malformed binary USD files can lead to information disclosure.
Vulnerability
An exploitable vulnerability exists in Pixar OpenUSD 20.05 in the way it handles file offsets in binary USD files. The _ReadTOC function reads a table of contents offset from the file's bootstrap without proper bounds checking, allowing an attacker to craft a malformed file that triggers an arbitrary out-of-bounds memory access [1]. The affected version is OpenUSD 20.05, as tested on macOS Catalina 10.15.3.
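The missing bounds check described above, shown as an added example that is not code from this page or from OpenUSD: a small C++ reader for a constructed, simplified container layout in which the header carries the offset of a table of contents. The magic string, field layout, and the names parseToc and buildFile are assumptions for illustration only; the point is the two checks an offset and a count read from untrusted input must pass before either is used as an index, including the unsigned wrap-around case that a naive `offset + size <= fileSize` comparison misses.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed, simplified container layout used only for this example
// (NOT the real USD crate format):
//   bytes [0, 8)   magic "EXMP-BIN"
//   bytes [8, 16)  uint64 little-endian offset of the table of contents (TOC)
//   at tocOffset:  uint64 entry count, followed by that many 16-byte entries
constexpr size_t kHeaderSize = 16;
constexpr size_t kCountSize = 8;
constexpr size_t kEntrySize = 16;
static const uint8_t kMagic[8] = {'E', 'X', 'M', 'P', '-', 'B', 'I', 'N'};

enum class ParseStatus { Ok, TooShort, BadMagic, TocOffsetOutOfRange, TocCountOutOfRange };

struct TocInfo {
    uint64_t offset = 0;  // validated start of the TOC
    uint64_t count = 0;   // validated entry count
};

static uint64_t readU64LE(const uint8_t* p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; --i) v = (v << 8) | p[i];
    return v;
}

static void writeU64LE(std::vector<uint8_t>& buf, uint64_t v) {
    for (int i = 0; i < 8; ++i) buf.push_back(static_cast<uint8_t>(v >> (8 * i)));
}

// Hardened TOC lookup: every value taken from the file is checked against the
// actual file size before it is used as an index into the buffer.
ParseStatus parseToc(const std::vector<uint8_t>& file, TocInfo* out) {
    if (file.size() < kHeaderSize) return ParseStatus::TooShort;
    if (std::memcmp(file.data(), kMagic, sizeof kMagic) != 0) return ParseStatus::BadMagic;

    const uint64_t tocOffset = readU64LE(file.data() + 8);
    // The TOC must start after the header and leave room for its count field.
    // Comparing against (size - kCountSize) instead of computing (tocOffset + kCountSize)
    // avoids the unsigned wrap-around that an absurdly large offset would cause.
    if (tocOffset < kHeaderSize || tocOffset > file.size() - kCountSize)
        return ParseStatus::TocOffsetOutOfRange;

    const uint64_t count = readU64LE(file.data() + tocOffset);
    // Same idea for the entry array: divide the remaining bytes by the entry
    // size instead of multiplying count * kEntrySize, which could overflow.
    const uint64_t remaining = file.size() - (tocOffset + kCountSize);
    if (count > remaining / kEntrySize) return ParseStatus::TocCountOutOfRange;

    if (out) { out->offset = tocOffset; out->count = count; }
    return ParseStatus::Ok;
}

// Builds a constructed sample file: header with the given TOC offset field,
// then a TOC at byte 16 carrying `count` and `entryBytes` bytes of entry data.
// The offset field is written verbatim so malformed values can be exercised.
std::vector<uint8_t> buildFile(uint64_t tocOffsetField, uint64_t count, size_t entryBytes) {
    std::vector<uint8_t> f(kMagic, kMagic + sizeof kMagic);
    writeU64LE(f, tocOffsetField);
    writeU64LE(f, count);
    f.insert(f.end(), entryBytes, static_cast<uint8_t>(0));
    return f;
}

int main() {
    TocInfo t;
    std::printf("well-formed:      %d\n", static_cast<int>(parseToc(buildFile(16, 2, 32), &t)));
    std::printf("offset past EOF:  %d\n", static_cast<int>(parseToc(buildFile(0x4000, 2, 32), nullptr)));
    std::printf("offset wraps:     %d\n", static_cast<int>(parseToc(buildFile(UINT64_MAX - 3, 2, 32), nullptr)));
    std::printf("count too large:  %d\n", static_cast<int>(parseToc(buildFile(16, 3, 32), nullptr)));
    return 0;
}
```

Phrasing both comparisons as "file size minus a constant" rather than "offset plus a constant" is what keeps a near-UINT64_MAX offset from wrapping past the check; a file-format fuzzer emitting headers like the constructed ones above is the usual way such a missing check is found before release.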
Exploitation
An attacker can create a specially crafted binary USD file with manipulated file offsets. The victim must open the malicious file, for example by viewing a thumbnail on macOS or opening a shared file via iMessage on iOS. No authentication is required, but user interaction is necessary [1].
Impact
Successful exploitation results in an out-of-bounds read, leading to the disclosure of sensitive information from memory. This information disclosure could be used to bypass security mitigations and aid in further exploitation. The CVSSv3 score is 4.3, indicating low confidentiality impact [1].
Mitigation
The available reference does not specify a fixed version or workaround. Users should monitor Pixar OpenUSD for updates and apply any patches when released. Until a fix is available, avoid opening untrusted USD files [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: Catalina 10.15.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2020-1104 (MITRE x_refsource_MISC)
News mentions
No linked articles in our index yet.