{"id":"CVE-2025-8854","details":"Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token, whether the file is processed by the VHACD test utility or the vulnerable code is invoked indirectly through PyBullet's vhacd function.","modified":"2026-04-10T05:42:19.759691Z","published":"2025-08-11T05:15:27.187Z","references":[{"type":"WEB","url":"https://github.com/bulletphysics/bullet3/blob/master/Extras/VHACD/test/src/main_vhacd.cpp#L472"},{"type":"REPORT","url":"https://github.com/bulletphysics/bullet3/issues/4732"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bulletphysics/bullet3","events":[{"introduced":"0"},{"last_affected":"2c204c49e56ed15ec5fcfa71d199ab6d6570b3f5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.25"}]}}],"versions":["2.83","2.83.4","2.83.5","2.83.6","2.83.7","2.84","2.85","2.85.1","2.86","2.86.1","2.87","2.88","2.89","3.05","3.06","3.07","3.08","3.09","3.17","3.21","3.22","3.22a","3.22b","3.23","3.24","3.25"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8854.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}