CNNVD-202508-071 Information
CNNVD ID
CNNVD-202508-071
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
MaterialX是Academy Software Foundation开源的一个材料渲染软件。 MaterialX 1.39.2版本存在资源管理错误漏洞,该漏洞源于嵌套导入文件时缺乏深度限制,可能导致栈内存耗尽。
Description (English)
MaterialX is an open-source material rendering software for Academy Software Foundation. MatterialX 1.39.2 contains a resource management error loophole, which stems from the lack of depth limits when embedded files are imported, which may lead to the depletion of the contents.
Hazard Level
Medium
Vulnerability Type
资源管理错误
Affected Vendor
Academy Software Foundation
Published
2025-08-01
Last Modified
2026-02-24
References
https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3 https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-qc2h-74x3-4v3w https://github.com/AcademySoftwareFoundation/MaterialX/pull/2233/commits/6182c07467297416a30d148ab531d81198686dc5 https://github.com/AcademySoftwareFoundation/MaterialX/blob/main/documents/Specification/MaterialX.Specification.md#mtlx-file-format-definition https://access.redhat.com/security/cve/cve-2025-53012 https://nvd.nist.gov/vuln/detail/CVE-2025-53012