Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Aleksandar Nikolic and Jon Munshaw.
Pixar OpenUSD contains multiple vulnerabilities that attackers could exploit to carry out a variety of malicious actions.
OpenUSD stands for “Open Universal Scene Descriptor.” Pixar uses this software for several types of animation tasks, including swapping arbitrary 3-D scenes that are composed of many different elements. Aimed at professional animation studios, the software is designed for scalability and speed as a pipeline connecting various aspects of the digital animation process. It is mostly expected to process trusted inputs in most use cases. This stands at odds with security considerations.