CVE-2020-13531

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.08

Description A use-after-free issue exists in the way Pixar OpenUSD processes reference paths in textual USD files. This can be triggered by a specially crafted file, leading to the reuse of freed memory, which may result in further memory corruption and arbitrary code execution. The victim must open a malformed file provided by an attacker to trigger this issue.

Recommendations For Pixar OpenUSD version 20.08, consider avoiding the use of reference paths in textual USD files until a patch is available. As a temporary workaround, restrict the opening of files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.