CVE-2020-6149: High severity pixar openusd vulnerability
Published Nov 13, 2020
·Updated
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section.
Affected Software
1 affected component
Pixar OpenUSD=20.05
Event History
Nov 13, 2020
CVE Published
via MITRE·02:44 PM
Data Sourced
via MITRE·02:44 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-6149.
2
What is the severity of CVE-2020-6149?
The severity of CVE-2020-6149 is high with a CVSS score of 7.8.
3
Which software is affected by CVE-2020-6149?
The software affected by CVE-2020-6149 is Pixar OpenUSD 20.05.
4
How does the vulnerability in Pixar OpenUSD 20.05 occur?
The vulnerability occurs when the software parses compressed sections in binary USD files.
5
How can the vulnerability be triggered?
The vulnerability can be triggered by opening an attacker-provided malformed file in an instance in USDC file format PATHS section.