CVE-2020-6155

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description A heap overflow issue exists when parsing compressed value rep arrays in binary USD files. This can be triggered by a specially crafted malformed file, potentially leading to remote code execution. The victim must access an attacker-provided malformed file to trigger this issue.

Recommendations For Pixar OpenUSD version 20.05, consider avoiding the use of compressed value rep arrays in binary USD files until a patch is available. As a temporary workaround, restrict access to files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.