CVE-2020-6148Heap-based Buffer Overflow in Openusd

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 56.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pixar Openusd
Timeline
PublishedNov 13
Latest updateMay 24

Description

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDpixar/openusd20.05

🔴Vulnerability Details

2
GHSA
GHSA-8j77-5wmx-mgjf: A heap overflow vulnerability exists in Pixar OpenUSD 202022-05-24
CVEList
CVE-2020-6148: A heap overflow vulnerability exists in Pixar OpenUSD 202020-11-13
CVE-2020-6148 — Heap-based Buffer Overflow in Openusd | cvebase