PT-2023-14071 · Nvidia · Omniverse Kit

Shashi Bhushan · Published 2023-01-12 · Updated 2023-01-23 · CVE-2022-42268

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Omniverse Kit (affected versions not specified)

Description: The issue allows executable Python code to be embedded in Universal Scene Description (USD) files, which can be used to customize scenes in various applications, including Create, Audio2Face, Isaac Sim, View, Code, and Machinima. When a user opens a USD file containing embedded Python code, the code runs with the user's privileges. This could be exploited by an unprivileged remote attacker who crafts a USD file with malicious Python code, potentially leading to information disclosure, data tampering, and denial of service if a local user is persuaded to open the file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Special Elements Injection, Code Injection

Related Identifiers: CVE-2022-42268

Affected Products: Omniverse Kit