Описание
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00059
Низкий
7.5 High
CVSS3
Дефекты
CWE-476
Связанные уязвимости
github
6 месяцев назад
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
EPSS
Процентиль: 19%
0.00059
Низкий
7.5 High
CVSS3
Дефекты
CWE-476