PT-2022-8496 · Pixar · Pixar Openusd

Aleksandar Nikolic · Published 2022-04-18 · Updated 2022-04-26 · CVE-2020-13495

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Pixar OpenUSD version 20.05

Description: A vulnerability exists in the way Pixar OpenUSD handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access, potentially leading to the disclosure of sensitive information. This issue could be used to bypass mitigations and aid additional exploitation. The victim needs to access an attacker-provided file to trigger the vulnerability.

Recommendations: For Pixar OpenUSD version 20.05, avoid accessing files from untrusted sources until a patch is available. As a temporary workaround, consider restricting access to files that could potentially trigger the out-of-bounds memory access.

Exploit

Fix

Memory Corruption

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2020-13495

Affected Products

Pixar Openusd