CVE-2025-53009

Опубликовано: 01 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.

Ссылки

https://github.com/AcademySoftwareFoundation/MaterialX/issues/2504
Issue Tracking
https://github.com/AcademySoftwareFoundation/MaterialX/pull/2505
Issue Tracking
Patch
https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3
Release Notes
https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-wx6g-fm6f-w822
Exploit
Vendor Advisory
https://github.com/ShielderSec/poc/tree/main/CVE-2025-53009
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00324

Низкий

7.5 High

CVSS3

Дефекты

CWE-121

Связанные уязвимости

GHSA-wx6g-fm6f-w822

github

6 месяцев назад

MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit