CVE-2020-6148

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-6148

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6148.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-6148

Published

2020-11-13T15:15:12.797Z

Modified

2026-03-14T10:32:23.601552Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1094

Affected packages

Git / github.com/pixaranimationstudios/usd

Affected ranges

Type

GIT

Repo

https://github.com/pixaranimationstudios/usd

Events

Introduced

Last affected

ebac0a8b6703f4fa1c27115f1f013bb9819662f4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.05"
        }
    ]
}

Affected versions

v0.*

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.5a

v18.*

v18.09

v18.11

v19.*

v19.01

v19.03

v19.05

v19.07

v19.11

v20.*

v20.02

v20.05

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6148.json"