Name of the Vulnerable Software and Affected Versions:

MaterialX version 1.39.2

Description:

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file.

Recommendations:

Update to version 1.39.3 or later.