Описание
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3.
Ссылки
- Patch
- Release Notes
- ExploitVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00074
Низкий
7.5 High
CVSS3
Дефекты
CWE-476
Связанные уязвимости
github
6 месяцев назад
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
EPSS
Процентиль: 22%
0.00074
Низкий
7.5 High
CVSS3
Дефекты
CWE-476