CVE-2025-53009

Medium CVSS: 5.5

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.

Vendor

Linuxfoundation

Product

Materialx

CWE

CWE-121

Yayın Tarihi

2025-08-01 18:15:54

Güncelleme

2025-08-20 21:24:28

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-121 Materialx MEDIUM Linuxfoundation 2025

Referanslar

https://github.com/AcademySoftwareFoundation/MaterialX/issues/2504 https://github.com/AcademySoftwareFoundation/MaterialX/pull/2505 https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3 https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-wx6g-fm6f-w822 https://github.com/ShielderSec/poc/tree/main/CVE-2025-53009

Benzer Kayıtlar

High

CVE-2026-27489

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,…

Critical

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. I…

Medium

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop…

High

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memo…

Medium

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorizat…

Medium

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup cop…