Key Information Vulnerability Overview CVE ID: CVE-2025-8854 Vulnerability Type: Stack-based Buffer Overflow Affected Component: bullet3: Extras/VHACD/test/src/main_vhacd.cpp (function LoadOFF) Vulnerability Details Description: The OFF parser in the VHACD tool uses an unbounded format to read into a fixed-size stack buffer, leading to a buffer overflow. - Relevant code location: Extras/VHACD/test/src/main_vhacd.cpp#L472 - Code snippet: Impact Scope of Impact: A specially crafted OFF file with an initial token exceeding 1024 bytes will trigger a stack buffer overflow, potentially causing crashes and code execution (depending on compiler/stack protection mechanisms). Reproduction Steps Reproduction Method: Create an OFF file where the first token exceeds 1024 bytes (excluding whitespace), then run the VHACD tool. In test environments, the Python API also crashes when processing such OFF files. - Example code: Recommended Fix Minimal Fix Recommendation: - Use bounded reading and check return value: