Vulnerability	Vulnerable Version
H Use After Free usd-core is a Pixar's Universal Scene Description Affected versions of this package are vulnerable to Use After Free. Affected versions of the usd-core package are vulnerable to Use-After-Free due to unsynchronised destruction of `Sdf_PrimPathNode` objects in the `Sdf_PathNode` module that permits access to freed memory. The `pxr/usd/sdf/path.cpp` code path involving `Sdf_PrimPathNode::~Sdf_PrimPathNode` can be exercised concurrently, creating a race in which one thread frees a node while another continues to reference it, as evidenced by crashes observed across OpenUSD tools such as `sdfdump`, `usdtree`, `usdcat`, and `sdffilter`. How to fix Use After Free? Upgrade `usd-core` to version 25.8 or higher.	[,25.8)

Use After Free

usd-core is a Pixar's Universal Scene Description

Affected versions of this package are vulnerable to Use After Free. Affected versions of the usd-core package are vulnerable to Use-After-Free due to unsynchronised destruction of Sdf_PrimPathNode objects in the Sdf_PathNode module that permits access to freed memory. The pxr/usd/sdf/path.cpp code path involving Sdf_PrimPathNode::~Sdf_PrimPathNode can be exercised concurrently, creating a race in which one thread frees a node while another continues to reference it, as evidenced by crashes observed across OpenUSD tools such as sdfdump, usdtree, usdcat, and sdffilter.

How to fix Use After Free?

Upgrade usd-core to version 25.8 or higher.

[,25.8)

Go back to all versions of this package