An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
The product writes data past the end, or before the beginning, of the intended buffer.
| Link | Tags |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125 | third party advisory exploit |
| http://seclists.org/fulldisclosure/2020/Dec/32 | third party advisory mailing list |
| http://seclists.org/fulldisclosure/2020/Dec/26 | third party advisory mailing list |
| https://support.apple.com/kb/HT212011 | third party advisory |