CVE-2020-6150
Description
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 in the decompression of the SPECS section of the USDC file format.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap overflow in Pixar OpenUSD 20.05 when parsing the compressed SPECS section of a binary USD file, leading to potential remote code execution.
Vulnerability
A heap-based buffer overflow vulnerability exists in Pixar OpenUSD version 20.05 when processing the SPECS section of a USDC file. The issue occurs during decompression of section data in crateFile.cpp. If the file format version is 4 or higher, sections are compressed, and a specially crafted malformed file can trigger a heap overflow [1].
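An added illustration, not OpenUSD's code and not taken from the cited report: a bounded decompressor for a hypothetical section layout, showing the check that keeps a malformed compressed stream from writing past its heap buffer. The toy run-length format, `read_section`, the error codes and `MAX_SECTION_OUT` are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout, constructed for this example (NOT the USDC format):
 *   u32 little-endian declared output length, then (run, byte) pairs. */
enum { SEC_OK = 0, SEC_TRUNCATED = -1, SEC_BAD_LEN = -2,
       SEC_OVERRUN = -3, SEC_SHORT = -4, SEC_NOMEM = -5 };
#define MAX_SECTION_OUT (1u << 20) /* assumed policy cap on a section's size */

int read_section(const uint8_t *in, size_t in_len, uint8_t **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (in_len < 4 || (in_len - 4) % 2 != 0)
        return SEC_TRUNCATED;
    /* The declared length is file-controlled: cap it before allocating. */
    uint32_t declared = (uint32_t)in[0] | (uint32_t)in[1] << 8 |
                        (uint32_t)in[2] << 16 | (uint32_t)in[3] << 24;
    if (declared == 0 || declared > MAX_SECTION_OUT)
        return SEC_BAD_LEN;
    uint8_t *buf = malloc(declared);
    if (buf == NULL)
        return SEC_NOMEM;
    size_t written = 0;
    for (size_t r = 4; r < in_len; r += 2) {
        size_t run = in[r];
        /* Check remaining space BEFORE writing, or the run overruns buf. */
        if (run > declared - written) {
            free(buf);
            return SEC_OVERRUN;
        }
        memset(buf + written, in[r + 1], run);
        written += run;
    }
    if (written != declared) { /* stream ended early: reject, no partial data */
        free(buf);
        return SEC_SHORT;
    }
    *out = buf; *out_len = written;
    return SEC_OK;
}

int main(void)
{
    /* Constructed sample: declares 4 output bytes, but the run expands to 200. */
    const uint8_t bad[] = { 4, 0, 0, 0, 200, 'A' };
    uint8_t *out; size_t n;
    printf("malformed section -> %d\n", read_section(bad, sizeof bad, &out, &n));
    return 0;
}
```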
Exploitation
An attacker can exploit this vulnerability by providing a malicious USD file to a user. The user must open the file (e.g., via macOS thumbnail rendering or iMessage attachment). No authentication or special privileges are required. The attacker needs to craft a USDC file with manipulated compressed data in the SPECS section that causes a heap overflow during decompression [1].
Impact
Successful exploitation could allow an attacker to execute arbitrary code in the context of the user's process. This could lead to full compromise of the affected system, with loss of confidentiality, integrity, and availability. The CVSSv3 score is 8.8, indicating high severity [1].
Mitigation
As of the publication date (2020-11-13), no official patch has been released by Pixar. Users should avoid opening untrusted USD files from unverified sources. System administrators may consider disabling automatic thumbnail generation for USD files until a fix is available [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Pixar/OpenUSD
Patches
No patches discovered yet.
References
- [1] talosintelligence.com/vulnerability_reports/TALOS-2020-1094 (mitre, x_refsource_MISC)