Vulnerability Spotlight: Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability
This vulnerability was discovered by Tyler Bohan of Cisco Talos.
Walt Disney PTEX is an open source software application maintained by Walt Disney Animation Studios. It is designed for use in post-production rendering. It allows for the storage of thousands of texture mappings within a single file. This particular software library is in many other software applications such as Pixar’s RenderMan, giving it a large install base. A list of other applications that have incorporated PTEX is available here. Talos has recently discovered a stack-based buffer overflow in PTEX that could potentially allow a remote attacker to execute arbitrary code on affected systems.