56 matches found
GHSA-WX6G-FM6F-W822 MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Summary When parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. Details By specification, multiple kinds of elements in MTLX support nesting other elements, such as in the case of nodegraph elements...
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details In source/MaterialXCore/Material.cpp, the following code extracts the output nodes for a given implementation graph: cpp...
materialxgltf (=1.38.9.1), materialxjson (=1.38.9) +1 more potentially affected by CVE-2025-53011 via materialx (=1.38.9)
materialx PYPI version =1.38.9 is affected by a known vulnerability. The following packages have a transitive dependency on materialx and may be impacted: - materialxgltf =1.38.9.1 - materialxjson =1.38.9 - quiltix =0.6.0, =0.7.0 Source cves: CVE-2025-53011 Source advisory:...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the getShaderNodes function. An attacker can cause a crash by providing a specially crafted MTLX file that triggers a null pointer dereference during shader node parsing. Details Denial of Service DoS...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the getShaderNodes function. An attacker can cause a crash by providing a specially crafted MTLX file that triggers a null pointer dereference during shader node parsing. Details Denial of Service DoS...
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details In src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given...
GHSA-3JHF-GXHR-Q4CX MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details In src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the getShaderNodes function when processing shader nodes from a crafted input file. An attacker can cause the application to crash by supplying a file that triggers a null pointer dereference during output no...
CVE-2025-53012
creationtimestamp| type| source ---|---|--- 2025-07-31 15:42:08+00:00| published-proof-of-concept| https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-qc2h-74x3-4v3w...
CVE-2025-53011
creationtimestamp| type| source ---|---|--- 2025-07-31 15:41:50+00:00| published-proof-of-concept| https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-7qw8-3vmf-gj32...
CVE-2025-53010
creationtimestamp| type| source ---|---|--- 2025-07-31 15:41:12+00:00| published-proof-of-concept| https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-3jhf-gxhr-q4cx...
PT-2025-31591
Name of the Vulnerable Software and Affected Versions MaterialX versions prior to 1.39.3 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code...
PT-2025-31672
Name of the Vulnerable Software and Affected Versions MaterialX version 1.39.2 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Nested imports of MaterialX files can lead to a crash due to stack memory...
PT-2025-31590
Name of the Vulnerable Software and Affected Versions MaterialX versions 1.39.2 and below Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. The MaterialX XML parsing logic can potentially crash due to stack...
PT-2025-31671
Name of the Vulnerable Software and Affected Versions MaterialX version 1.39.2 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a...
Stack Based Buffer Overflow
MaterialX is vulnerable to stack-based buffer overflow. The vulnerability is due to the lack of a limit on nested file import recursion, which allows an attacker to craft deeply chained MaterialX file imports leading to a crash of the process...