CNNVD-202509-4105 Information

CNNVD ID

CNNVD-202509-4105

Related CVE

CVE-2025-11015

• CNNVD Published: 2025-09-26

Description (Chinese)

ogre是OGRECave开源的一个面向场景的3D引擎。 ogre 14.4.1及之前版本存在安全漏洞，该漏洞源于STBIImageCodec::encode函数存在内存管理不匹配问题，可能导致本地执行攻击。

Description (English)

ogre is a 3D-oriented 3D engine for the Ogrecave Open Source. There is a security loophole in the ogre 14.4.1 and earlier versions, which stems from the memory management mismatch in the STBIImageCode:encode function, which may lead to a local execution attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OGRECave

Published

2025-09-26

Last Modified

2026-02-24

References

https://github.com/OGRECave/ogre/issues/3446 https://github.com/user-attachments/files/22328216/poc.zip https://vuldb.com/?ctiid.325958 https://vuldb.com/?id.325958 https://vuldb.com/?submit.654340 https://access.redhat.com/security/cve/cve-2025-11015