CVE-2025-53010

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-53010

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53010.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53010

Aliases

GHSA-3jhf-gxhr-q4cx

Published

2025-08-01T18:15:54Z

Modified

2025-08-02T12:00:41.283059Z

Summary

[none]

Details

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.

References

Affected packages

Git / github.com/academysoftwarefoundation/materialx

Affected ranges

Type: GIT
Repo: https://github.com/academysoftwarefoundation/materialx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e13344ba13326869d7820b444705f24d56fab73d

Affected versions

v1.*

v1.35.2

v1.35.3

v1.35.4

v1.35.5

v1.36.0

v1.36.1

v1.36.2

v1.36.3

v1.36.4

v1.36.5

v1.37.0

v1.37.1

v1.37.2

v1.37.3

v1.37.4

v1.38.0

v1.38.1

v1.38.10

v1.38.2

v1.38.3

v1.38.4

v1.38.5

v1.38.6

v1.38.7

v1.38.8

v1.38.9

v1.39.0

v1.39.1

v1.39.1-rc1

v1.39.1-rc2

v1.39.2

v1.39.2-rc1