PT-2020-18963 · Pixar · Pixar Openusd

Aleksandar Nikolic

Published

2020-11-13

Updated

2022-05-13

CVE-2020-6149

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description A heap overflow issue exists when the software parses compressed sections in binary USD files. This can be triggered by opening a maliciously crafted file in the USDC file format PATHS section. The victim must open an attacker-provided malformed file to exploit this issue.

Recommendations For Pixar OpenUSD version 20.05, consider avoiding the use of compressed sections in binary USD files until a patch is available. As a temporary workaround, restrict the opening of files from untrusted sources to minimize the risk of exploitation.

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

CVE-2020-6149

Affected Products

Pixar Openusd

PT-2020-18963 · Pixar · Pixar Openusd

CVE-2020-6149

Weakness Enumeration

Related Identifiers

Affected Products

References · 6