CVE-2025-8854

Name of the Vulnerable Software and Affected Versions: bulletphysics bullet3 versions prior to 3.26

Description: A stack-based buffer overflow exists in the LoadOFF function within bulletphysics bullet3. This issue allows remote attackers to execute arbitrary code by processing a crafted OFF file containing an overlong initial token. The vulnerability can be triggered directly through the VHACD test utility or indirectly via the vhacd function in PyBullet.

Recommendations: Update to a version of bulletphysics bullet3 version 3.26 or later.