Login Sign Up

CVE-2020-6149

7.8 HIGH

📋 TL;DR

A heap overflow vulnerability in Pixar OpenUSD 20.05 allows attackers to execute arbitrary code or cause denial of service by tricking users into opening specially crafted USD binary files. This affects any application or service that processes USDC file format files using vulnerable OpenUSD libraries.

💻 Affected Systems

Products:
  • Pixar OpenUSD
Versions: 20.05 specifically (CVE-2020-6149 targets this exact version)
Operating Systems: All platforms running OpenUSD 20.05
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using OpenUSD 20.05 libraries to parse USDC files is vulnerable. This includes 3D modeling, animation, and visualization software.

📦 What is this software?

Openusd by Pixar

View all CVEs affecting Openusd →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the user opening the malicious file, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) when processing malformed files, with potential for code execution in targeted attacks.

🟢

If Mitigated

Limited to denial of service if memory protections (ASLR, DEP) are effective, or blocked entirely by file validation.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be exploited via web services processing USD files.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious USDC file with malformed compressed sections in the PATHS section. The Talos report includes technical details that could facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenUSD versions after 20.05 (20.08 or later)

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1094

Restart Required: Yes

Instructions:

1. Upgrade OpenUSD to version 20.08 or later. 2. Rebuild any applications using OpenUSD libraries. 3. Restart affected services or applications.

🔧 Temporary Workarounds

File validation filter

all

Implement file validation to reject malformed USDC files before processing

Sandbox USD file processing

all

Run USD file processing in isolated containers or sandboxes with limited privileges

🧯 If You Can't Patch

  • Implement strict file upload controls and user education about opening untrusted USD files
  • Use application allowlisting to prevent execution of vulnerable USD processing components

🔍 How to Verify

Check if Vulnerable:

Check if OpenUSD version is 20.05 using 'usdview --version' or check library versions in applications

Check Version:

usdview --version 2>&1 | grep -i version

Verify Fix Applied:

Confirm OpenUSD version is 20.08 or later and test with known safe USD files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing USD files
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual file uploads with .usdc extension
  • Network transfers of USD files to vulnerable systems

SIEM Query:

source="application.log" AND ("segmentation fault" OR "access violation" OR "heap corruption") AND "usd"

📊 Metadata

CVE ID: CVE-2020-6149
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-122
Published: November 13, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-6149, you might also want to check these:

CVE-2021-21940 10.0

A heap-based buffer overflow vulnerability in Anker Eufy Homebase 2's RTSP handling allows remote co...

Same vulnerability type (CWE-122)
CVE-2023-45318 10.0

This critical vulnerability allows remote attackers to execute arbitrary code on systems running Wes...

Same vulnerability type (CWE-122)
CVE-2025-23123 10.0

A heap buffer overflow vulnerability in UniFi Protect Camera firmware allows remote code execution. ...

Same vulnerability type (CWE-122)