MaterialX Null Pointer Dereference Vulnerability in Shader Node Parsing
Vulnerability
A null pointer dereference vulnerability has been identified in MaterialX version 1.39.2. When the MaterialXCore library parses shader nodes from an MTLX file, it can dereference a null pointer. The issue is in the 'getShaderNodes' function in 'Material.cpp', where the code does not check that a node graph output string is valid before retrieving the connected output nodes. As a result, a maliciously crafted MTLX file can cause programs using OpenEXR to crash.
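The missing check described above, shown as an added example that is a simplified model and not MaterialX source code. All type and function names are hypothetical, and the model assumes that a lookup by output name returns a null shared pointer when nothing matches.

```cpp
// Simplified model of the bug class; all names here are hypothetical.
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Node { std::string name; };
using NodePtr = std::shared_ptr<Node>;

struct Output {
    NodePtr connected;  // upstream node feeding this output
    NodePtr getConnectedNode() const { return connected; }
};
using OutputPtr = std::shared_ptr<Output>;

struct NodeGraph {
    std::map<std::string, OutputPtr> outputs;
    // Returns a null pointer when no output has the requested name.
    OutputPtr getOutput(const std::string& name) const {
        auto it = outputs.find(name);
        if (it == outputs.end()) return nullptr;
        return it->second;
    }
};

// Vulnerable shape: the lookup result is dereferenced unconditionally, so an
// output string that names no existing output terminates the process.
NodePtr connectedNodeUnchecked(const NodeGraph& g, const std::string& outputName) {
    return g.getOutput(outputName)->getConnectedNode();
}

// Hardened shape: a failed lookup is reported as "no node" instead.
NodePtr connectedNodeChecked(const NodeGraph& g, const std::string& outputName) {
    OutputPtr out = g.getOutput(outputName);
    if (!out) return nullptr;  // invalid output string: skip it
    return out->getConnectedNode();
}

// Collect nodes for several output strings, skipping the invalid ones.
std::vector<NodePtr> collectShaderNodes(const NodeGraph& g,
                                        const std::vector<std::string>& names) {
    std::vector<NodePtr> found;
    for (const auto& n : names)
        if (NodePtr node = connectedNodeChecked(g, n)) found.push_back(node);
    return found;
}
```

With the check in place, an input that references a missing output is skipped and parsing of the remaining nodes continues.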
Impact
Exploitation of this vulnerability leads to a crash of the application processing the MTLX file, such as one that uses OpenEXR.
Reproduction
The vulnerability can be reproduced by opening a crafted MTLX file in the 'MaterialXView' application; the file includes shader nodes that trigger the null pointer dereference. A sample file, 'nullptr_getshadernodes.mltx', which contains the necessary payload, can be downloaded from the 'ShielderSec' GitHub repository.
Remediation
Users can upgrade to MaterialX version 1.39.3 or later, where this vulnerability has been fixed.
