Name of the Vulnerable Software and Affected Versions:

MaterialX version 1.39.2

Description:

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Nested imports of MaterialX files can lead to a crash due to stack memory exhaustion. This occurs because the library lacks a limit on the depth of the "import chain" when parsing file imports, utilizing recursion without depth restrictions. Constructing a deeply nested chain of MaterialX files referencing each other can exhaust the stack memory, causing a process crash.

Recommendations:

Update to version 1.39.3 or later.