| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| usd-core | pip | <= 25.08 | 25.11 |
The security advisory and the associated commit b9530922b6a8ea72cd43661226b693fff8abbe4c indicate that the vulnerability is a use-after-free caused by missing validation when parsing OpenUSD's binary crate (.usdc) files. The commit message states, "Guard against invalid primChildren in crate files." The code changes are concentrated in pxr/usd/sdf/crateData.cpp, within Sdf_CrateDataImpl::_PopulateFromCrateFile, and add validation of the primChildren field that was previously absent. _PopulateFromCrateFile is the vulnerable function: it is the entry point that processes the data read from the file, and because it did not validate primChildren, a crafted file could leave the in-memory crate data in a corrupted state, which is the root cause of the use-after-free. The new functions _ValidateSpecChildren and _HasValidChildren are part of the fix, not the vulnerable code. The vulnerability is triggered when a user opens a specially crafted .usdc file, which invokes this parsing routine.
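The following is an added illustration, not OpenUSD's code and not the logic of the actual fix (which is not reproduced on this page): a toy model in C++ of a crate-style spec table in which each prim spec records its children by name, with a validation pass that rejects a file whose primChildren entries do not resolve to specs that are actually present before any parent/child links are built. The ToySpec, ToyNode, ToyJoin, ToyValidateSpecChildren and ToyPopulate names are hypothetical, and the sample spec tables in the usage are constructed.

```cpp
// Added illustration, not OpenUSD code: a toy model of a crate-style spec
// table in which each prim spec records its children by name, plus a
// validation pass that rejects inconsistent primChildren before the loader
// builds any parent/child links. All Toy* names are hypothetical.
#include <cstddef>
#include <optional>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>

struct ToySpec {
    std::string path;                       // absolute prim path, e.g. "/World/Cube"
    std::vector<std::string> primChildren;  // bare child names, e.g. {"Cube"}
};

struct ToyNode {
    std::string path;
    int parent = -1;            // index into the node table, -1 for the pseudo-root
    std::vector<int> children;  // indices into the node table
};

// Join a parent path and a child name ("/" + "World" -> "/World").
static std::string ToyJoin(const std::string& parent, const std::string& name) {
    return parent == "/" ? "/" + name : parent + "/" + name;
}

// The check the loader runs before trusting primChildren: every spec path is
// absolute and unique, every child entry is a bare name, no name is listed
// twice under one parent, and every child resolves to a spec that is
// actually present in the table. A file failing any of these is rejected.
bool ToyValidateSpecChildren(const std::vector<ToySpec>& specs) {
    std::unordered_set<std::string> known;
    for (const auto& s : specs) {
        if (s.path.empty() || s.path[0] != '/') return false;  // must be absolute
        if (!known.insert(s.path).second) return false;         // duplicate spec path
    }
    for (const auto& s : specs) {
        std::unordered_set<std::string> seen;
        for (const auto& name : s.primChildren) {
            if (name.empty() || name.find('/') != std::string::npos) return false;
            if (!seen.insert(name).second) return false;            // duplicate child
            if (!known.count(ToyJoin(s.path, name))) return false;  // dangling child
        }
    }
    return true;
}

// Build the hierarchy from the spec table. Validation runs first, so the
// index lookups below can never miss; without it, a crafted file could list
// children that have no backing spec and the loader would be linking to
// entries that do not exist.
std::optional<std::vector<ToyNode>> ToyPopulate(const std::vector<ToySpec>& specs) {
    if (!ToyValidateSpecChildren(specs)) return std::nullopt;
    std::unordered_map<std::string, int> index;
    std::vector<ToyNode> nodes;
    nodes.reserve(specs.size());
    for (const auto& s : specs) {
        index[s.path] = static_cast<int>(nodes.size());
        ToyNode n;
        n.path = s.path;
        nodes.push_back(n);
    }
    for (std::size_t i = 0; i < specs.size(); ++i) {
        for (const auto& name : specs[i].primChildren) {
            const int c = index.at(ToyJoin(specs[i].path, name));  // present after validation
            nodes[i].children.push_back(c);
            nodes[c].parent = static_cast<int>(i);
        }
    }
    return nodes;
}

int main() {
    // Constructed sample: a consistent table and one with a dangling child.
    const std::vector<ToySpec> good = {{"/", {"World"}}, {"/World", {"Cube"}}, {"/World/Cube", {}}};
    const std::vector<ToySpec> bad  = {{"/", {"World"}}, {"/World", {"Cube", "Sphere"}}, {"/World/Cube", {}}};
    return (ToyPopulate(good).has_value() && !ToyPopulate(bad).has_value()) ? 0 : 1;
}
```

The point of the model is ordering: the whole table is checked for consistency before any link is created, so rejection happens while nothing has been partially built, rather than after the loader has already acted on a child entry that turned out to have no backing spec.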
| Vulnerable Function | File |
|---|---|
| pxr::Sdf_CrateDataImpl::_PopulateFromCrateFile | pxr/usd/sdf/crateData.cpp |