CVE-2020-13496

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description An issue exists in the way Pixar OpenUSD handles certain encoded types, allowing an attacker to trigger an arbitrary out of bounds memory access in TfToken Type Index with a specially crafted malformed file. This could be used to bypass mitigations and aid further exploitation. The victim needs to access an attacker-provided malformed file to trigger this issue.

Recommendations For Pixar OpenUSD version 20.05, consider avoiding the use of files from untrusted sources until a patch is available. As a temporary workaround, restrict access to potentially malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.