CVE-2020-13493

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description A heap overflow issue exists when the software parses compressed sections in binary USD files. This occurs due to the way path jumps are processed in specially crafted USDC file formats, leading to a decompression heap overflow. The victim must open a malformed file provided by an attacker to trigger this issue.

Recommendations For Pixar OpenUSD version 20.05, consider avoiding the use of compressed sections in binary USD files or restricting access to the software until a fix is available. As a temporary workaround, refrain from opening files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.