OGRECave Ogre Heap-Based Buffer Overflow Vulnerability in STBIImageCodec Encoding Function

Vulnerability

A heap-based buffer overflow vulnerability has been identified in OGRECave Ogre versions through 14.4.1. The issue is in the STBIImageCodec::encode function of the STBICodec plugin, in the file OgreSTBICodec.cpp. Manipulated image data can corrupt memory, potentially leading to arbitrary code execution. The flaw can be exploited locally, and a proof-of-concept exploit has been made publicly available.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced with a crafted PNG file that exploits the buffer size validation issue in the STBIImageCodec::encode function. A proof-of-concept fuzzer for this purpose is available for download from GitHub issue #3445 on the OGRECave repository.
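
The advisory attributes the overflow to buffer size validation in the encode path. As an added example (not Ogre's code and not the upstream fix), this is the kind of overflow-safe bounds check a caller can make before handing pixel data to an image encoder; ImageDesc and encode_input_fits are hypothetical names, and 8-bit pixels with 1 to 4 channels are assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Hypothetical description of the pixel data handed to an encoder.
struct ImageDesc {
    uint32_t width;
    uint32_t height;
    uint32_t channels;    // bytes per pixel, 1..4 for 8-bit images (assumption)
    size_t   row_stride;  // bytes between row starts; 0 means tightly packed
};

// Multiply two sizes, reporting overflow instead of silently wrapping.
static bool checked_mul(size_t a, size_t b, size_t* out) {
    if (a != 0 && b > std::numeric_limits<size_t>::max() / a) return false;
    *out = a * b;
    return true;
}

// Returns true only if an encoder reading the image described by `desc`
// from a buffer of `buf_len` bytes stays inside that buffer.
bool encode_input_fits(const ImageDesc& desc, size_t buf_len) {
    if (desc.width == 0 || desc.height == 0) return false;
    if (desc.channels < 1 || desc.channels > 4) return false;

    size_t row_bytes;
    if (!checked_mul(desc.width, desc.channels, &row_bytes)) return false;

    size_t stride = desc.row_stride ? desc.row_stride : row_bytes;
    if (stride < row_bytes) return false;  // declared stride shorter than a row

    // Every row but the last occupies a full stride; the last needs row_bytes.
    size_t leading;
    if (!checked_mul(stride, static_cast<size_t>(desc.height) - 1, &leading))
        return false;
    if (leading > std::numeric_limits<size_t>::max() - row_bytes) return false;

    return leading + row_bytes <= buf_len;
}
```

Rejecting the request when this check fails, rather than trusting the declared dimensions, keeps the encoder from reading or writing past the heap allocation.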

Added: Sep 26, 2025, 1:23 PM
Updated: Sep 26, 2025, 2:43 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.