CVE-2020-6156

Name of the Vulnerable Software and Affected Versions Pixar OpenUSD version 20.05

Description A heap overflow issue exists when the software parses compressed sections in binary USD files. This can be triggered by opening a malformed file in a specific USDC file format path element token index, provided by an attacker.

Recommendations For Pixar OpenUSD version 20.05, avoid opening files from untrusted sources, especially those that may be malformed, to minimize the risk of exploitation. As a temporary workaround, consider restricting the use of the binary USD file parsing functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.