CVE-2025-53010
MaterialX CVE-2025-53010 involves a NULL pointer dereference in MaterialXCore when parsing shader nodes in MTLX files. Specifically, nodeGraph->getOutput may return null, and downstream code calls output->getConnectedNode(), which crashes. The affected path occurs when an input references a Nod...
CVE-2025-53012
MaterialX 1.39.2 contains a stack-exhaustion vulnerability in its import processing due to no limit on import chain depth. Nested file imports trigger recursion without depth restrictions, allowing an attacker to crash or stall a process parsing MaterialX files. The issue is fixed in MaterialX 1....
CVE-2025-53009
MaterialX (v1.39.2 and earlier) is vulnerable to a Denial of Service due to a stack-exhaustion flaw when parsing MTLX files with deeply nested nodegraph constructs. The root cause is unbounded recursion during XML parsing, which can crash target software that uses MaterialX/OpenEXR when handling ...
CVE-2025-53011
MaterialX CVE-2025-53011 is a NULL pointer dereference in MaterialXCore while parsing MTLX shader nodes. The bug occurs in 1.39.2 due to not checking implGraphOutput for null, enabling a crafted MTLX file to crash affected programs. Remediation is to upgrade to MaterialX 1.39.3 (or newer). A PoC ...