CVE-2020-13498

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description An issue exists in the way Pixar OpenUSD handles certain encoded types, allowing a specially crafted malformed file to trigger an arbitrary out of bounds memory access. This could lead to information disclosure and potentially aid further exploitation by bypassing mitigations. The victim must access an attacker-provided malformed file to trigger the issue.

Recommendations For Pixar OpenUSD version 20.05, consider avoiding the use of files from untrusted sources until a patch is available. As a temporary workaround, restrict access to potentially malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.