Description
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance is a heap overflow in the decompression of the FIELDS section of the USDC file format.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1094
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Nov/20
Scores
CVSS v3
7.8
EPSS
0.0021
EPSS Percentile
43.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-122
CWE-787
Status
published
Products (3)
apple/ipados
< 14.0
apple/iphone_os
< 14.0
pixar/openusd
20.05
Published
Nov 13, 2020
Tracked Since
Feb 18, 2026