VYPR
Unrated severity · NVD Advisory · Published Nov 13, 2020 · Updated Aug 4, 2024

CVE-2020-6155

Description

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap overflow in Pixar OpenUSD 20.05 parsing compressed value rep arrays in binary USD files enables remote code execution via crafted file.

Vulnerability

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files [1]. The binary file format contains a 'reps' array of encoded 64-bit integers; when these values are decoded, two distinct code paths can trigger a heap-based buffer overflow [1]. The vulnerability requires the victim to open a specially crafted malformed binary USD file [1]. Affected versions include Pixar OpenUSD 20.05 [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious binary USD file and delivering it to the victim via vectors such as email, web download, or iMessage sharing [1]. On macOS, these files are automatically processed to generate thumbnails, while on iOS they require user interaction (e.g., opening the file in an app that uses ModelIO/ARKit) [1]. No authentication or privileged access is needed; the victim only needs to access the malicious file [1].

Impact

Successful exploitation leads to remote code execution with the privileges of the victim's user [1]. The heap overflow can corrupt memory, allowing the attacker to execute arbitrary code and completely compromise confidentiality, integrity, and availability (CVSS 8.8) [1].

Mitigation

As of the publication date (2020-11-13), no patched version has been released [1]. Users should avoid opening untrusted binary USD files and monitor Pixar OpenUSD for security updates [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
