CVE-2020-13524

CVE-2020-13524 is an out-of-bounds memory corruption vulnerability in Pixar OpenUSD 20.05 that occurs when parsing SPECS data from binary USD files. A specially crafted malformed USD file can trigger an out-of-bounds memory access/modification, leading to memory corruption. Exploitation details a...

CVE-2020-13494

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability...

CVE-2020-13498

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and a...

Design/Logic Flaw

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitatio...

CVE-2020-13496

CVE-2020-13496 affects Pixar OpenUSD 20.05. The TALOS report documents a TfToken Type Index Out Of Bounds Read in the crate parsing path: the code retrieves a token index without proper bounds checks, leading to an out-of-bounds access to the _tokens array and potential information disclosure or ...

CVE-2020-13493

Pixar OpenUSD 20.05 is affected by a set of heap overflow vulnerabilities in the USDC file format when parsing compressed sections. The TALOS report details multiple CVEs (CVE-2020-6147, -6148, -6149, -6150, -6156) where buffers sized from file-provided counts (numFields, numFieldSets, numPaths, ...

Pixar OpenUSD Buffer Error Vulnerability

Pixar OpenUSD is a software from the American company Pixar Pixar that generates 3D computer scenes. The software is widely used in the animation and game industries for designing 3D scenes. A security vulnerability exists in Pixar OpenUSD 20.05 that stems from an exploitable flaw in the way it...

CVE-2020-6155

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an...

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

Pixar OpenUSD binary file format offset seek information leak vulnerability

Summary An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used...

Pixar OpenUSD Binary File Format Compressed Value Reps Code Execution Vulnerabilities

Summary A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to acce...