OGRECave Ogre OgreSTBICodec.cpp encode mismatched memory management routines_CVE-2025-11015

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-11015

Source VulDB

Published Sep 26, 2025 at 13:32

Affected Product

Vendor OGRECave

Product Ogre

Version 14.4.0

Affected Versions OGRECave Ogre 14.4.0
OGRECave Ogre 14.4.1

CWE Classification

CWE-762 CWE-119

References

{
    "lastseen": "",
    "description": "A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited.",
    "published": "2025-09-26T13:32:06.704Z",
    "modified": "2025-09-26T13:32:06.704Z",
    "type": "cve",
    "title": "OGRECave Ogre OgreSTBICodec.cpp encode mismatched memory management routines",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325958\nhttps://vuldb.com/?ctiid.325958\nhttps://vuldb.com/?submit.654340\nhttps://github.com/OGRECave/ogre/issues/3446\nhttps://github.com/user-attachments/files/22328216/poc.zip",
    "id": "CVE-2025-11015",
    "bulletinFamily": "",
    "cwe": [
        "CWE-762",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "OGRECave Ogre 14.4.0\nOGRECave Ogre 14.4.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ogre",
    "version": "14.4.0",
    "vendor": "OGRECave",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}