CVE-2025-53011: MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
When parsing shader nodes in an MTLX file, the MaterialXCore code dereferences a potentially null pointer without checking it, so a maliciously crafted file can crash the application.
References
- github.com/AcademySoftwareFoundation/MaterialX
- github.com/AcademySoftwareFoundation/MaterialX/commit/7ac1c71de5187dc29793292b5a8dc6d784192ecf
- github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3
- github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-7qw8-3vmf-gj32
- github.com/ShielderSec/poc/tree/main/CVE-2025-53011
- github.com/advisories/GHSA-7qw8-3vmf-gj32
- nvd.nist.gov/vuln/detail/CVE-2025-53011