PT-2020-13572 · Pixar · Pixar Openusd

Published: 2020-12-02 · Updated: 2022-10-05 · CVE-2020-13494

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pixar OpenUSD version 20.05

Description

A heap overflow issue exists in the parsing of compressed string tokens in binary USD files. This can be triggered by a specially crafted malformed file, leading to out-of-bounds memory access and potentially resulting in information disclosure. The issue could be used to bypass mitigations and aid in further exploitation. It is triggered when a victim accesses an attacker-provided malformed file.

Recommendations

For Pixar OpenUSD version 20.05, consider avoiding the use of compressed string tokens in binary USD files until a patch is available. As a temporary workaround, restrict access to potentially malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-13494

Affected Products

Pixar Openusd