Thez3Ro

**Name of the Vulnerable Software and Affected Versions** MaterialX version 1.39.2 **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Nested imports of MaterialX files can lead to a crash due to stack memory exhaustion. This occurs because the library lacks a limit on the depth of the "import chain" when parsing file imports, utilizing recursion without depth restrictions. Constructing a deeply nested chain of MaterialX files referencing each other can exhaust the stack memory, causing a process crash. **Recommendations** Update to version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** MaterialX versions prior to 1.39.3 **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. **Recommendations** Update to MaterialX version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** MaterialX version 1.39.2 **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. **Recommendations** Update to version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions 3.3.0 through 3.3.2 **Description** OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. A heap-based buffer overflow occurs during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 3.3.3 **Description** OpenEXR, an image storage format used in the motion picture industry, contains a flaw. A heap-based buffer overflow can occur during a read operation when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. The issue is due to bad pointer math. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions 3.3.2 **Description** OpenEXR is an image storage format used in the motion picture industry. A NULL pointer dereference can occur in a write operation when reading a deep scanline image with a large sample count in reduceMemory mode in version 3.3.2, potentially causing a target application to crash. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 3.3.3 **Description** OpenEXR is an image storage format used in the motion picture industry. Versions prior to 3.3.3 trust unvalidated dataWindow size values from file headers, potentially leading to excessive memory allocation and performance degradation when processing malicious files. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** MaterialX versions 1.39.2 and below **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. The MaterialX XML parsing logic can potentially crash due to stack exhaustion when parsing an MTLX file with multiple nested nodegraph implementations. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. **Recommendations** Update to version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** Element Android versions 0.91.0 through 1.6.12 **Description** A third-party malicious application installed on the same phone can force Element Android to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. **Recommendations** For Element Android versions 0.91.0 through 1.6.11, update to version 1.6.12 to resolve the issue. For forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity, no action is required as they are not impacted.

**Name of the Vulnerable Software and Affected Versions** Element Android versions 1.4.3 through 1.6.10 **Description** The issue allows a third-party malicious application to start any internal activity by passing some extra parameters, potentially making Element Android display an arbitrary web page, executing arbitrary JavaScript, bypassing PIN code protection, and enabling account takeover by spawning a login screen to send credentials to an arbitrary home server. **Recommendations** For Element Android versions 1.4.3 through 1.6.10, update to version 1.6.12 to resolve the issue. At the moment, there is no known workaround to mitigate the issue for these versions.