{"api_version":"1","generated_at":"2026-05-03T05:15:40+00:00","cve":"CVE-2020-13495","urls":{"html":"https://cve.report/CVE-2020-13495","api":"https://cve.report/api/cve/CVE-2020-13495.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-13495","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-13495"},"summary":{"title":"CVE-2020-13495","description":"An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.","state":"PUBLIC","assigner":"talos-cna@cisco.com","published_at":"2022-04-18 17:15:00","updated_at":"2022-04-26 18:51:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104","refsource":"MISC","tags":[],"title":"TALOS-2020-1104 ||  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-13495","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13495","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"13495","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"13495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pixar","cpe5":"openusd","cpe6":"20.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2020-13495","STATE":"PUBLIC","DATE_PUBLIC":"2020-11-12","ASSIGNER":"talos-cna@cisco.com"},"description":{"description_data":[{"lang":"eng","value":"An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file."}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104"}]},"impact":{"cvss":{"baseScore":4.3,"baseSeverity":"Medium","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"macOS","version":{"version_data":[{"version_value":"Catalina 10.15.3","version_affected":"="}]}}]}},{"vendor_name":"Pixar","product":{"product_data":[{"product_name":"OpenUSD","version":{"version_data":[{"version_value":"20.05","version_affected":"="}]}}]}}]}}},"nvd":{"publishedDate":"2022-04-18 17:15:00","lastModifiedDate":"2022-04-26 18:51:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pixar:openusd:20.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.3:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"13495","Ordinal":"174679","Title":"CVE-2020-13495","CVE":"CVE-2020-13495","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"13495","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}