Stack Exhaustion Vulnerability in MaterialX by Academy Software Foundation
CVE-2025-53009
5.5MEDIUM
What is CVE-2025-53009?
MaterialX, an open standard facilitating rich material exchange across applications, is vulnerable due to its XML parsing logic in versions 1.39.2 and earlier. It allows for potential crashes when processing MTLX files that contain multiple nested node graphs. By crafting a malicious MTLX file, an attacker could induce a stack exhaustion, leading to disruptions in programs using OpenEXR. This issue has been addressed in version 1.39.3, which users are encouraged to upgrade to in order to mitigate the risk.
Affected Version(s)
MaterialX >= 1.39.2, < 1.39.3