CVE-2025-53009
Good to know:
Date: August 1, 2025
Summary
When parsing an MTLX file with multiple nested "nodegraph" implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion.
Details
By specification, multiple kinds of elements in MTLX support nesting other elements, such as in the case of "nodegraph" elements. Parsing these subtrees is implemented via recursion, and since there is no max depth imposed on the XML document, this can lead to a stack overflow when the library parses an MTLX file with an excessively high number of nested elements.
PoC
Please download the "recursion_overflow.mtlx" file from the following link: https://github.com/ShielderSec/poc/tree/main/CVE-2025-53009
"build/bin/MaterialXView --material recursion_overflow.mtlx"
Impact
An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file.
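One way to guard against the unbounded recursion described under Details is to measure element nesting depth before a file reaches the parser. The C++ below is an added example, not code from MaterialX or from this advisory; `maxElementDepth`, `withinDepthLimit` and the limit of 256 are hypothetical names and values chosen here.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>

// Hypothetical limit for this example; not a value taken from MaterialX.
constexpr std::size_t kMaxDepth = 256;

// Deepest element nesting level in `xml`, found with a loop rather than recursion.
// Returns early once past `limit`. A DOCTYPE internal subset is not handled.
std::size_t maxElementDepth(const std::string& xml, std::size_t limit = kMaxDepth) {
    const std::size_t n = xml.size(), npos = std::string::npos;
    std::size_t depth = 0, deepest = 0, i = 0;
    while ((i = xml.find('<', i)) != npos) {
        if (xml.compare(i, 4, "<!--") == 0) {              // comment
            if ((i = xml.find("-->", i + 4)) == npos) break;
            continue;
        }
        if (xml.compare(i, 9, "<![CDATA[") == 0) {         // CDATA section
            if ((i = xml.find("]]>", i + 9)) == npos) break;
            continue;
        }
        if (i + 1 < n && (xml[i + 1] == '?' || xml[i + 1] == '!')) {  // PI or declaration
            if ((i = xml.find('>', i)) == npos) break;
            continue;
        }
        const bool closing = i + 1 < n && xml[i + 1] == '/';
        // Find the tag's closing '>', ignoring any '>' inside a quoted attribute.
        char quote = 0;
        std::size_t j = i + 1;
        for (; j < n; ++j) {
            const char c = xml[j];
            if (quote) { if (c == quote) quote = 0; }
            else if (c == '"' || c == '\'') quote = c;
            else if (c == '>') break;
        }
        if (j >= n) break;                                  // truncated tag
        const bool selfClosing = !closing && xml[j - 1] == '/';
        if (closing) { if (depth > 0) --depth; }
        else if (selfClosing) deepest = std::max(deepest, depth + 1);
        else deepest = std::max(deepest, ++depth);
        if (deepest > limit) return deepest;
        i = j + 1;
    }
    return deepest;
}
// True when element nesting in `xml` stays within `limit`.
bool withinDepthLimit(const std::string& xml, std::size_t limit = kMaxDepth) {
    return maxElementDepth(xml, limit) <= limit;
}
```

Call `withinDepthLimit` on the file contents and reject the file when it returns false, before passing it to any recursive reader.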
Severity Score
Weakness Type (CWE)
Stack-based Buffer Overflow
CWE-121
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |


