MaterialX Stack Exhaustion Vulnerability Leading to Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in MaterialX versions through 1.39.2. The issue arises when the software parses an MTLX file containing multiple nested nodegraph elements. The lack of a maximum depth limit in the XML parsing process can lead to stack exhaustion, causing the application to crash. This vulnerability can be exploited by sending a maliciously crafted MTLX file to a program that uses OpenEXR, which would then fail to process the file and instead terminate unexpectedly.
Impact
Exploitation of this vulnerability causes a stack overflow, leading to a crash of the application processing the MTLX file.
Reproduction
The vulnerability can be reproduced by loading an MTLX file with excessive nesting of nodegraph elements into a program that uses MaterialX, such as the MaterialX Viewer. This can be done by using the 'open_pbr_surface_to_standard_surface' conversion node, which, when nested, can create a stack overflow during parsing.
Remediation
Users can upgrade to MaterialX version 1.39.3, which addresses the vulnerability by adding validation checks to prevent excessive recursion during XML parsing.
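The missing control described above, a cap on element nesting, can also be applied as a screen in front of the parser. The following is an added example, not MaterialX code or the project's fix: it measures nesting with a streaming expat parser that keeps only a counter, and the default limit of 64 and both sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat


class NestingTooDeep(ValueError):
    """Raised as soon as element nesting goes past the configured limit."""


def max_element_depth(data: bytes, limit: int = 64) -> int:
    """Return the deepest element nesting in data.

    Parsing is event driven, so no document tree is built and the
    check itself uses constant stack no matter how deep the input is.
    limit=64 is an assumed policy value, not one taken from MaterialX.
    """
    depth = 0
    deepest = 0

    def on_start(name, attrs):
        nonlocal depth, deepest
        depth += 1
        if depth > limit:
            # Abort immediately instead of reading the rest of the file.
            raise NestingTooDeep(f"<{name}> at depth {depth} exceeds limit {limit}")
        deepest = max(deepest, depth)

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.Parse(data, True)
    return deepest


def is_safe_to_load(data: bytes, limit: int = 64) -> bool:
    """True only if data is well-formed XML nested no deeper than limit."""
    try:
        max_element_depth(data, limit)
    except (NestingTooDeep, xml.parsers.expat.ExpatError):
        return False
    return True


# Constructed samples (not real MaterialX assets).
SAMPLE_FLAT = (b'<?xml version="1.0"?><materialx version="1.39">'
               b'<nodegraph name="ng"><input name="in" type="float"/></nodegraph></materialx>')
SAMPLE_NESTED = (b'<materialx version="1.39"><nodegraph name="a"><nodegraph name="b">'
                 b'<nodegraph name="c"><nodegraph name="d"/></nodegraph></nodegraph>'
                 b'</nodegraph></materialx>')
```

Files that fail the screen can be quarantined and logged rather than passed to an unpatched MaterialX build.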
