Lucene search
K

56 matches found

OSV
OSV
added 2025/07/31 7:37 p.m.5 views

GHSA-WX6G-FM6F-W822 MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit

Summary When parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. Details By specification, multiple kinds of elements in MTLX support nesting other elements, such as in the case of nodegraph elements...

6.9CVSS6.5AI score0.00605EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/07/31 6:31 p.m.10 views

MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput

Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details In source/MaterialXCore/Material.cpp, the following code extracts the output nodes for a given implementation graph: cpp...

7.5CVSS6.8AI score0.00516EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2025/07/31 6:31 p.m.4 views

materialxgltf (=1.38.9.1), materialxjson (=1.38.9) +1 more potentially affected by CVE-2025-53011 via materialx (=1.38.9)

materialx PYPI version =1.38.9 is affected by a known vulnerability. The following packages have a transitive dependency on materialx and may be impacted: - materialxgltf =1.38.9.1 - materialxjson =1.38.9 - quiltix =0.6.0, =0.7.0 Source cves: CVE-2025-53011 Source advisory:...

7.5CVSS5.8AI score0.00516EPSS
Exploits1
Snyk
Snyk
added 2025/07/31 6:31 p.m.1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the getShaderNodes function. An attacker can cause a crash by providing a specially crafted MTLX file that triggers a null pointer dereference during shader node parsing. Details Denial of Service DoS...

7.5CVSS7.1AI score0.00516EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/31 6:31 p.m.4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the getShaderNodes function. An attacker can cause a crash by providing a specially crafted MTLX file that triggers a null pointer dereference during shader node parsing. Details Denial of Service DoS...

7.5CVSS5.9AI score0.00516EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/07/31 6:31 p.m.12 views

MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details In src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given...

7.5CVSS6.8AI score0.00463EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/07/31 6:31 p.m.5 views

GHSA-3JHF-GXHR-Q4CX MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details In src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given...

5.1CVSS7.2AI score0.00463EPSS
Exploits1References5
Snyk
Snyk
added 2025/07/31 6:31 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the getShaderNodes function when processing shader nodes from a crafted input file. An attacker can cause the application to crash by supplying a file that triggers a null pointer dereference during output no...

7.5CVSS6.8AI score0.00463EPSS
Exploits1References2
Circl
Circl
added 2025/07/31 3:42 p.m.8 views

CVE-2025-53012

creationtimestamp| type| source ---|---|--- 2025-07-31 15:42:08+00:00| published-proof-of-concept| https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-qc2h-74x3-4v3w...

7.5CVSS5.8AI score0.00818EPSS
Exploits1References1
Circl
Circl
added 2025/07/31 3:41 p.m.8 views

CVE-2025-53011

creationtimestamp| type| source ---|---|--- 2025-07-31 15:41:50+00:00| published-proof-of-concept| https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-7qw8-3vmf-gj32...

7.5CVSS5.8AI score0.00516EPSS
Exploits1References1
Circl
Circl
added 2025/07/31 3:41 p.m.7 views

CVE-2025-53010

creationtimestamp| type| source ---|---|--- 2025-07-31 15:41:12+00:00| published-proof-of-concept| https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-3jhf-gxhr-q4cx...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.8 views

PT-2025-31591

Name of the Vulnerable Software and Affected Versions MaterialX versions prior to 1.39.3 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code...

7.5CVSS6AI score0.00516EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.9 views

PT-2025-31672

Name of the Vulnerable Software and Affected Versions MaterialX version 1.39.2 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Nested imports of MaterialX files can lead to a crash due to stack memory...

7.5CVSS6AI score0.00818EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.9 views

PT-2025-31590

Name of the Vulnerable Software and Affected Versions MaterialX versions 1.39.2 and below Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. The MaterialX XML parsing logic can potentially crash due to stack...

7.5CVSS6AI score0.00605EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.6 views

PT-2025-31671

Name of the Vulnerable Software and Affected Versions MaterialX version 1.39.2 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a...

7.5CVSS6.7AI score0.00463EPSS
Exploits1References13
Veracode
Veracode
added 2025/05/20 6:33 a.m.4 views

Stack Based Buffer Overflow

MaterialX is vulnerable to stack-based buffer overflow. The vulnerability is due to the lack of a limit on nested file import recursion, which allows an attacker to craft deeply chained MaterialX file imports leading to a crash of the process...

7.5CVSS7.2AI score0.00818EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder