CVE-2025-53009— MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-53009
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
Source: NVD (National Vulnerability Database)
Vulnerability Description
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
MaterialX 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MaterialX是Academy Software Foundation开源的一个材料渲染软件。 MaterialX 1.39.2及之前版本存在安全漏洞,该漏洞源于解析MTLX文件时存在栈耗尽问题,可能导致程序崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AcademySoftwareFoundation | MaterialX | >= 1.39.2, < 1.39.3 | - |
II. Public POCs for CVE-2025-53009
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-53009
请登录查看更多情报信息。
Same Patch Batch · AcademySoftwareFoundation · 2025-08-01 · 5 CVEs total
| CVE-2025-48074 | OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors | |
| CVE-2025-53012 | MaterialX's Lack of Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhausti | |
| CVE-2025-53010 | MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereferenc | |
| CVE-2025-53011 | MaterialX is Vulnerable to NULL Pointer Dereference due to Unchecked implGraphOutput |
IV. Related Vulnerabilities
Same vendor: AcademySoftwareFoundation
- CVE-2026-42217
OpenEXR: Shift exponent overflow in `readVariableLengthInteg - CVE-2026-42216
OpenEXR: Out-of-bounds read in `IDManifest::init()` during p - CVE-2026-41142
OpenEXR is Vulnerable to Integer overflow in ImageChannel::r - CVE-2026-7582
AcademySoftwareFoundation OpenImageIO DDS Image ddsinput.cpp - CVE-2026-40250
OpenEXR has integer overflow in DWA decoder outBufferEnd poi
Same weakness: CWE-121
- CVE-2026-8258
Squirrel sqstdstring.cpp validate_format stack-based overflo - CVE-2026-8234
EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-41509
Integer underflow in crypto_sign_open() leads to buffer over - CVE-2026-8138
Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based
V. Comments for CVE-2025-53009
No comments yet