CVE-2025-11014
Publication date 26 September 2025
Last updated 1 October 2025
Ubuntu priority
Description
A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ogre-1.12 | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
5.3 · Medium
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L