CVE-2025-53010
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-20
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | materialx | 1.39.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in MaterialX version 1.39.2 when parsing shader nodes in a MTLX file. The MaterialXCore code accesses a potentially null pointer, which can cause the program to crash if it processes a maliciously crafted MTLX file. Essentially, an attacker can create a specially designed file that triggers this null pointer access, leading to a crash in applications using MaterialX.
How can this vulnerability impact me?
The vulnerability can cause applications that use MaterialX to crash when they process malicious MTLX files. This could be exploited by an attacker to intentionally disrupt the availability of the affected software, leading to denial of service.
What immediate steps should I take to mitigate this vulnerability?
Update MaterialX to version 1.39.3 or later, as this version contains the fix for the vulnerability. Avoid processing untrusted or maliciously crafted MTLX files until the update is applied.