CVE-2025-53009
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-20
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | materialx | 1.39.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MaterialX versions 1.39.2 and below, where parsing an MTLX file containing multiple nested nodegraph implementations can cause the XML parsing logic to crash due to stack exhaustion. An attacker can exploit this by sending a malicious MTLX file to intentionally crash a program that uses OpenEXR.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by crashing the target program that uses OpenEXR when it processes a specially crafted malicious MTLX file. This could disrupt normal operations or availability of the affected software.
What immediate steps should I take to mitigate this vulnerability?
Update MaterialX to version 1.39.3 or later, as this version contains the fix for the stack exhaustion crash caused by parsing malicious MTLX files. Avoid processing untrusted or malicious MTLX files until the update is applied.