CVE-2025-11014

5.3 MEDIUM

📋 TL;DR

A heap-based buffer overflow vulnerability exists in OGRECave Ogre's STBIImageCodec::encode function, allowing local attackers to execute arbitrary code or crash applications. This affects systems running Ogre up to version 14.4.1 that process images using the STBICodec plugin. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • OGRECave Ogre
Versions: Up to and including 14.4.1
Operating Systems: All platforms running Ogre (Windows, Linux, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the STBICodec plugin used for image processing. Systems must use this codec to be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise, arbitrary code execution, or denial of service.

🟠 Likely Case: Application crash or limited code execution within the context of the vulnerable process.

🟢 If Mitigated: Minimal impact if proper access controls and sandboxing prevent local attackers from reaching vulnerable components.

🌐 Internet-Facing: LOW - Attack requires local access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers with access to vulnerable systems could exploit this, but requires specific conditions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Proof-of-concept exploit is publicly available in the GitHub references. Exploitation requires local access and specific image processing operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.4.2 or later

Vendor Advisory: https://github.com/OGRECave/ogre/issues/3445

Restart Required: No

Instructions:

1. Update Ogre to version 14.4.2 or later.
2. Recompile applications using Ogre with the updated library.
3. Replace any vulnerable Ogre installations with patched versions.

🔧 Temporary Workarounds

Disable STBICodec plugin (platform: all)

Remove or disable the vulnerable STBICodec plugin to prevent exploitation.

  • Remove OgreSTBICodec.dll/.so from plugin directory
  • Comment out STBICodec in plugins.cfg

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Sandbox applications using Ogre to contain potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check Ogre version and verify STBICodec plugin is present and active.

Check Version:

Check application documentation or build configuration for Ogre version

Verify Fix Applied:

Confirm Ogre version is 14.4.2 or later and verify the fix in the STBICodec source code.
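
One way to script the two checks above, as an added example that is not part of the original advisory or the Ogre project. It assumes plugins.cfg uses `Plugin=<name>` lines with `#` for disabled entries, treats any active plugin whose name contains "stbi" as the codec, and takes the Ogre version as operator-supplied input; the sample config is constructed.

```python
import re

FIXED = (14, 4, 2)  # first patched release named in the advisory

# Constructed sample; plugin and folder names are illustrative only.
SAMPLE_CFG = """\
# Defines plugins to load
PluginFolder=/opt/app/lib/OGRE
Plugin=RenderSystem_GL
Plugin=Codec_STBI
#Plugin=Plugin_ParticleFX
"""

def parse_version(text):
    """Turn '14.4.1' or 'v14.4' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Ogre version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def active_stbi_plugins(cfg_text):
    """Return Plugin= entries that are not commented out and name an STBI codec."""
    hits = []
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled entry
        key, sep, value = line.partition("=")
        # Assumption: the codec is identified by "stbi" in the plugin name.
        if sep and key.strip() == "Plugin" and "stbi" in value.lower():
            hits.append(value.strip())
    return hits

def assess(version, cfg_text):
    """Exposed only if the version predates the fix AND the codec is loaded."""
    plugins = active_stbi_plugins(cfg_text)
    outdated = parse_version(version) < FIXED
    return {"outdated": outdated, "stbi_plugins": plugins,
            "exposed": outdated and bool(plugins)}

if __name__ == "__main__":
    print(assess("14.4.1", SAMPLE_CFG))
```

A clean result from plugins.cfg does not cover applications that load the codec from code rather than from the config file, so the version check remains the primary signal.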

📡 Detection & Monitoring

Log Indicators:

  • Application crashes related to image processing
  • Memory access violation errors in Ogre logs

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for process crashes with Ogre components or STBICodec-related errors
