QwikSec

Security Database

CVE

CWE

Training

CVE-2025-53012

Published: Aug 1, 2025

Modified: Aug 1, 2025

PUBLISHED

Description

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsing file imports, recursion is used to process nested files; however, there is no limit imposed to the depth of files that can be parsed by the library. By building a sufficiently deep chain of MaterialX files one referencing the next, it is possible to crash the process using the MaterialX library via stack exhaustion. This is fixed in version 1.39.3.

Vendor	Product	Versions
AcademySoftwareFoundation	MaterialX	affected `>= 1.39.2, < 1.39.3`

Weaknesses (CWE)

References

https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-qc2h-74x3-4v3w

x_refsource_CONFIRM

https://github.com/AcademySoftwareFoundation/MaterialX/pull/2233/commits/6182c07467297416a30d148ab531d81198686dc5

x_refsource_MISC

https://github.com/AcademySoftwareFoundation/MaterialX/blob/main/documents/Specification/MaterialX.Specification.md#mtlx-file-format-definition

x_refsource_MISC

https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.