CVE-2020-13497

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description An issue exists in the way Pixar OpenUSD handles certain encoded types, allowing an arbitrary out of bounds memory access in String Type Index. This can be triggered by a specially crafted malformed file, potentially aiding further exploitation by bypassing mitigations. The victim must access an attacker-provided malformed file to trigger this issue.

Recommendations For Pixar OpenUSD version 20.05, consider avoiding the use of files from untrusted sources until a fix is available. As a temporary workaround, restrict access to potentially malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.