CVE-2020-13531

Summary

A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.

Affected Software

VendorProductVersion RangeStatus
n/aPixarPixar OpenUSD 20.08, Apple macOS Apple macOS Catalina 10.15.6affected

Weaknesses

  • CWE-416: CWE-416: Use After Free

ADP Enrichment

CVE Program Container

Additional References

References