CVE-2020-6147

HIGH | Platform: iPadOS | Changelog

CVE Details

Description

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.

CVSS 3.1 Score

Metric	Value
Base Score	7.8 (HIGH)
Vector	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`

Weakness

CWE-122
CWE-787

References

Apple Security Advisory
NVD Entry
http://seclists.org/fulldisclosure/2020/Nov/20 (Mailing List, Third Party Advisory)
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1094 (Exploit, Third Party Advisory)