CVE-2020-13524

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description An out-of-bounds memory corruption issue exists due to the way Pixar OpenUSD uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification, resulting in memory corruption. The victim needs to access an attacker-provided malformed file to trigger this issue.

Recommendations For Pixar OpenUSD version 20.05, consider applying improved input validation to address the out-of-bounds read issue. As a temporary workaround, restrict access to malformed binary USD files to minimize the risk of exploitation. Avoid using Pixar OpenUSD to open untrusted or attacker-provided files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.