Home

Description

Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.

PUBLISHED Reserved 2025-08-11 | Published 2025-08-11 | Updated 2025-08-11 | Assigner CyberArk




HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unaffected

<= 3.25
affected

Timeline

2024-12-01:Initial vendor notification (no response)
2025-08-10:Public disclosure via GitHub issue

Credits

Simcha Kosman finder

References

github.com/...ob/master/Extras/VHACD/test/src/main_vhacd.cpp

github.com/bulletphysics/bullet3/issues/4732

cve.org (CVE-2025-8854)

nvd.nist.gov (CVE-2025-8854)

Download JSON