Lucene search
HistoryApr 17, 2023 - 9:15 p.m.
CVE-2023-27906
cve-2023-27906
malicious actor
victim
usd file
out-of-bounds read vulnerability
code execution
nvd
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.4%
A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.
Affected configurations
Node
autodeskmaya_usdRange<0.23.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| autodesk:maya_usd | autodesk maya usd | lt | 0.23.0 |
CNA Affected
[
{
"vendor": "n/a",
"product": "Autodesk Maya USD Plugin",
"versions": [
{
"version": "0.22.0",
"status": "affected"
}
]
}
]Related
prion
prion
Out-of-bounds
2023-04-17 21:15:00
cvelist
cvelist
CVE-2023-27906
2023-04-17 00:00:00
osv
osv
CVE-2023-27906
2023-04-17 21:15:07
nvd
nvd
CVE-2023-27906
2023-04-17 21:15:07
zdi
zdi
nessus
nessus
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.4%
Related for CVE-2023-27906