CVE-2025-53012
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-11-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | materialx | 1.39.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in MaterialX version 1.39.2 occurs because the software allows nested imports of MaterialX files without limiting the depth of the import chain. When parsing these nested imports, recursion is used, and without a limit on how deep this recursion can go, an attacker can create a very deep chain of file imports. This causes stack memory exhaustion, leading to a crash of the process using the MaterialX library. The issue is fixed in version 1.39.3.
How can this vulnerability impact me? :
This vulnerability can cause the application or process using the MaterialX library to crash due to stack memory exhaustion. This can lead to denial of service, interrupting normal operations and potentially causing loss of availability for users relying on the affected software.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the MaterialX library to version 1.39.3 or later, where the issue with unlimited import chain depth causing stack exhaustion is fixed.