CVE-2025-11014

A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
ogre3dogre
𝑥
≤ 14.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/OGRECave/ogre/issues/3445
https://github.com/user-attachments/files/22326665/poc.zip
https://vuldb.com/?ctiid.325957
https://vuldb.com/?id.325957
https://vuldb.com/?submit.654269
https://github.com/OGRECave/ogre/issues/3445
https://github.com/user-attachments/files/22326665/poc.zip