UBUNTU-CVE-2025-11015

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-11015

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-11015.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-11015

Upstream

CVE-2025-11015

Published

2025-09-26T14:15:00Z

Modified

2026-05-20T16:20:19.473874085Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited.

References

Affected packages

Ubuntu:20.04:LTS / ogre-1.12

Package

Name: ogre-1.12
Purl: pkg:deb/ubuntu/ogre-1.12?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12.4+dfsg1-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libogre-1.12",
            "binary_version": "1.12.4+dfsg1-4"
        },
        {
            "binary_name": "ogre-1.12-tools",
            "binary_version": "1.12.4+dfsg1-4"
        },
        {
            "binary_name": "python3-ogre-1.12",
            "binary_version": "1.12.4+dfsg1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-11015.json"

Ubuntu:22.04:LTS / ogre-1.12

Package

Name: ogre-1.12
Purl: pkg:deb/ubuntu/ogre-1.12?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12.10+dfsg2-1.2

1.12.10+dfsg2-1.2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libogre1.12.10",
            "binary_version": "1.12.10+dfsg2-1.2build1"
        },
        {
            "binary_name": "ogre-1.12-tools",
            "binary_version": "1.12.10+dfsg2-1.2build1"
        },
        {
            "binary_name": "python3-ogre-1.12",
            "binary_version": "1.12.10+dfsg2-1.2build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-11015.json"

Ubuntu:24.04:LTS / ogre-1.12

Package

Name: ogre-1.12
Purl: pkg:deb/ubuntu/ogre-1.12?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12.10+dfsg2-3build1

1.12.10+dfsg2-3build2

1.12.10+dfsg2-3.1~exp1ubuntu2

1.12.10+dfsg2-3.1~exp1ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libogre1.12.10t64",
            "binary_version": "1.12.10+dfsg2-3.1~exp1ubuntu3"
        },
        {
            "binary_name": "ogre-1.12-tools",
            "binary_version": "1.12.10+dfsg2-3.1~exp1ubuntu3"
        },
        {
            "binary_name": "python3-ogre-1.12",
            "binary_version": "1.12.10+dfsg2-3.1~exp1ubuntu3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-11015.json"

Ubuntu:25.10 / ogre-1.12

Package

Name: ogre-1.12
Purl: pkg:deb/ubuntu/ogre-1.12?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12.10+dfsg2-6build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libogre1.12.10t64",
            "binary_version": "1.12.10+dfsg2-6build1"
        },
        {
            "binary_name": "ogre-1.12-tools",
            "binary_version": "1.12.10+dfsg2-6build1"
        },
        {
            "binary_name": "python3-ogre-1.12",
            "binary_version": "1.12.10+dfsg2-6build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-11015.json"

Ubuntu:26.04:LTS / ogre-1.12

Package

Name: ogre-1.12
Purl: pkg:deb/ubuntu/ogre-1.12?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.12.10+dfsg2-6build1

1.12.10+dfsg2-7

1.12.10+dfsg2-8

1.12.10+dfsg2-9

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libogre1.12.10t64",
            "binary_version": "1.12.10+dfsg2-9"
        },
        {
            "binary_name": "ogre-1.12-tools",
            "binary_version": "1.12.10+dfsg2-9"
        },
        {
            "binary_name": "python3-ogre-1.12",
            "binary_version": "1.12.10+dfsg2-9"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-11015.json"