What happened?
The FiveM client experiences a fatal crash with an Access Violation (0xc0000005 - INVALID_POINTER_WRITE). The crash occurs at GTA5_b3258.exe+14D237 when the game attempts to write vector/SIMD data to an unmapped or invalid memory address (movaps xmmword ptr [rcx],xmm9).
I strongly suspect this crash is being intentionally triggered by a malicious user (cheater) exploiting a vulnerability on the server to crash other clients.
Legacy crash hash: oxygen-north-fish
Expected result
The game engine should gracefully handle the corrupted memory operation or invalid network event without faulting, and the client should not crash.
Reproduction steps
- Join the server and play normally.
- A suspected malicious user (cheater) executes an unknown exploit, triggers a broken network event, or spawns a corrupted entity nearby.
- The client freezes for a brief moment and crashes, generating the
oxygen-north-fish hash without any specific action taken by the victim.
Importancy
Crash
Area(s)
FiveM
Specific version(s)
- Client Game Build: 3095 (Dump references
GTA5_b3258.exe) * Server Artifacts: 26803 * OS: Windows 10 Version 19045 (10.0.19041.1)
Additional information
Stack Trace:
GTA5_b3258.exe+14D237
GTA5_b3258.exe+13DF43C
GTA5_b3258.exe+F7D1AB
GTA5_b3258.exe+F7A811
GTA5_b3258.exe+5781A5
GTA5_b3258.exe+200D98
GTA5_b3258.exe+2836E
WinDbg Exception Analysis:
KEY_VALUES_STRING: 1
Key : Failure.Bucket
Value: INVALID_POINTER_WRITE_c0000005_FiveM_GTAProcess.exe!Unknown
Key : Failure.Exception.Code
Value: 0xc0000005
Key : Failure.Exception.IP.Offset
Value: 0x14d237
Key : Failure.Hash
Value: {64305cbe-ba69-2a31-6338-285281ed39ce}
CONTEXT: (.ecxr)
rax=00000074edfce350 rbx=000001d85ccef610 rcx=000001db8de074e0
rdx=00000074edfce310 rsi=0000000000000000 rdi=000001d84cd92200
rip=00007ff6797dd237 rsp=00000074edfce090 rbp=00000074edfce339
r8=00000074edfce370 r9=00000074edfce360 r10=00000074edfce420
r11=00000074edfce2b8 r12=000001d858133c17 r13=0000000000000000
r14=000001d9aaf3e380 r15=000001d857b320f0
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
FiveM_GTAProcess+0x14d237:
00007ff6797dd237 440f2909 movaps xmmword ptr [rcx],xmm9 ds:000001db8de074e0=????????????????????????????????
Note: I will provide the .dmp file upon request by the development team.
[CfxCrashDump_2026_03_14_00_01_03.z
ip](https://github.com/user-attachments/files/26006388/CfxCrashDump_2026_03_14_00_01_03.zip)
What happened?
The FiveM client experiences a fatal crash with an Access Violation (
0xc0000005- INVALID_POINTER_WRITE). The crash occurs atGTA5_b3258.exe+14D237when the game attempts to write vector/SIMD data to an unmapped or invalid memory address (movaps xmmword ptr [rcx],xmm9).I strongly suspect this crash is being intentionally triggered by a malicious user (cheater) exploiting a vulnerability on the server to crash other clients.
Legacy crash hash:
oxygen-north-fishExpected result
The game engine should gracefully handle the corrupted memory operation or invalid network event without faulting, and the client should not crash.
Reproduction steps
oxygen-north-fishhash without any specific action taken by the victim.Importancy
Crash
Area(s)
FiveM
Specific version(s)
GTA5_b3258.exe) * Server Artifacts: 26803 * OS: Windows 10 Version 19045 (10.0.19041.1)Additional information
Stack Trace:
GTA5_b3258.exe+14D237
GTA5_b3258.exe+13DF43C
GTA5_b3258.exe+F7D1AB
GTA5_b3258.exe+F7A811
GTA5_b3258.exe+5781A5
GTA5_b3258.exe+200D98
GTA5_b3258.exe+2836E
WinDbg Exception Analysis:
KEY_VALUES_STRING: 1
Key : Failure.Bucket
Value: INVALID_POINTER_WRITE_c0000005_FiveM_GTAProcess.exe!Unknown
Key : Failure.Exception.Code
Value: 0xc0000005
Key : Failure.Exception.IP.Offset
Value: 0x14d237
Key : Failure.Hash
Value: {64305cbe-ba69-2a31-6338-285281ed39ce}
CONTEXT: (.ecxr)
rax=00000074edfce350 rbx=000001d85ccef610 rcx=000001db8de074e0
rdx=00000074edfce310 rsi=0000000000000000 rdi=000001d84cd92200
rip=00007ff6797dd237 rsp=00000074edfce090 rbp=00000074edfce339
r8=00000074edfce370 r9=00000074edfce360 r10=00000074edfce420
r11=00000074edfce2b8 r12=000001d858133c17 r13=0000000000000000
r14=000001d9aaf3e380 r15=000001d857b320f0
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
FiveM_GTAProcess+0x14d237:
00007ff6
797dd237 440f2909 movaps xmmword ptr [rcx],xmm9 ds:000001db8de074e0=????????????????????????????????Note: I will provide the
.dmpfile upon request by the development team.[CfxCrashDump_2026_03_14_00_01_03.z
ip](https://github.com/user-attachments/files/26006388/CfxCrashDump_2026_03_14_00_01_03.zip)