· Jimmy Ly · Vulnerabilities
Integer Overflow in Bullet3 STL Mesh Parser
We found an integer overflow in Bullet3's STL mesh loader where a crafted triangle count bypasses the sanity check, causing the parser to read 4 GB from an 88-byte heap buffer.