CVE-2025-53011

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*

History

20 Aug 2025, 21:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Linuxfoundation
Linuxfoundation materialx
CPE cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*
References () https://github.com/AcademySoftwareFoundation/MaterialX/commit/7ac1c71de5187dc29793292b5a8dc6d784192ecf - () https://github.com/AcademySoftwareFoundation/MaterialX/commit/7ac1c71de5187dc29793292b5a8dc6d784192ecf - Patch
References () https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3 - () https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3 - Release Notes
References () https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-7qw8-3vmf-gj32 - () https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-7qw8-3vmf-gj32 - Exploit, Vendor Advisory
References () https://github.com/ShielderSec/poc/tree/main/CVE-2025-53011 - () https://github.com/ShielderSec/poc/tree/main/CVE-2025-53011 - Exploit

04 Aug 2025, 15:06

Type Values Removed Values Added
Summary
  • (es) MaterialX es un estándar abierto para el intercambio de contenido de desarrollo visual y de materiales enriquecidos entre aplicaciones y renderizadores. En la versión 1.39.2, al analizar nodos de sombreado en un archivo MTLX, el código de MaterialXCore accede a un puntero potencialmente nulo, lo que puede provocar fallos con archivos maliciosos. Un atacante podría bloquear intencionalmente un programa objetivo que use MaterialX enviando un archivo MTLX malicioso. Esto se solucionó en la versión 1.39.3.

01 Aug 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-01 18:15

Updated : 2025-08-20 21:24


NVD link : CVE-2025-53011

Mitre link : CVE-2025-53011

CVE.ORG link : CVE-2025-53011


JSON object : View

Products Affected

linuxfoundation

  • materialx
CWE
CWE-476

NULL Pointer Dereference