CVE-2025-53011
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-20
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | materialx | 1.39.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in MaterialX version 1.39.2 when parsing shader nodes in an MTLX file. The MaterialXCore code accesses a potentially null pointer, which can cause the program to crash if it processes a maliciously crafted file. An attacker can exploit this by sending a malicious MTLX file to intentionally crash a program using MaterialX.
How can this vulnerability impact me?
The vulnerability can cause programs that use MaterialX to crash when processing malicious MTLX files. This can lead to denial of service, interrupting normal operations of applications relying on MaterialX for material and look-development content exchange.
What immediate steps should I take to mitigate this vulnerability?
Update MaterialX to version 1.39.3 or later, as this version contains the fix for the vulnerability. Avoid processing untrusted or maliciously crafted MTLX files until the update is applied.