Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-53011— MaterialX is Vulnerable to NULL Pointer Dereference due to Unchecked implGraphOutput

EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-53011

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
MaterialX is Vulnerable to NULL Pointer Dereference due to Unchecked implGraphOutput
Source: NVD (National Vulnerability Database)
Vulnerability Description
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
MaterialX 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MaterialX是Academy Software Foundation开源的一个材料渲染软件。 MaterialX 1.39.2版本存在代码问题漏洞,该漏洞源于解析着色器节点时可能访问空指针,可能导致程序崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AcademySoftwareFoundationMaterialX >= 1.39.2, < 1.39.3 -

II. Public POCs for CVE-2025-53011

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-53011

登录查看更多情报信息。

Same Patch Batch · AcademySoftwareFoundation · 2025-08-01 · 5 CVEs total

CVE-2025-48074OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors
CVE-2025-53012MaterialX's Lack of Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhausti
CVE-2025-53010MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereferenc
CVE-2025-53009MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit

IV. Related Vulnerabilities

Same product: MaterialX
Same vendor: AcademySoftwareFoundation
Same weakness: CWE-476

V. Comments for CVE-2025-53011

No comments yet

Leave a comment