CVE-2025-53012: MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
(updated )
Nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the “import chain” depth.
References
- github.com/AcademySoftwareFoundation/MaterialX
- github.com/AcademySoftwareFoundation/MaterialX/blob/main/documents/Specification/MaterialX.Specification.md
- github.com/AcademySoftwareFoundation/MaterialX/pull/2233/commits/6182c07467297416a30d148ab531d81198686dc5
- github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3
- github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-qc2h-74x3-4v3w
- github.com/advisories/GHSA-qc2h-74x3-4v3w
- nvd.nist.gov/vuln/detail/CVE-2025-53012
Code Behaviors & Features
Detect and mitigate CVE-2025-53012 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →