MaterialX Null Pointer Dereference Vulnerability in Shader Node Parsing
Vulnerability
A null pointer dereference vulnerability has been identified in MaterialX version 1.39.2. When the MaterialXCore library parses shader nodes from an MTLX file, it dereferences a pointer that may be null, which can crash the program. An attacker can trigger the issue by supplying a maliciously crafted MTLX file to a program that uses MaterialX. The vulnerability has been patched in version 1.39.3.
Impact
Exploitation of this vulnerability can cause a program that uses MaterialX to crash.
Reproduction
To reproduce this vulnerability, use MaterialX version 1.39.2 and open an MTLX file that has been crafted to trigger the null pointer dereference. This can be done using the MaterialXViewer application. The MTLX file 'nullptr_implgraph.mtlx', available in the GitHub repository 'ShielderSec/poc', can be used as a proof of concept.
Remediation
Users can upgrade to MaterialX version 1.39.3, where this vulnerability has been fixed.
