UBUNTU-CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

UBUNTU-CVE-2024-31583

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

PyTorch 安全漏洞

PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch versions prior to v2.2.0 that stems from the presence of a post-release reuse vulnerability...

CVE-2024-31583

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

PT-2024-5965 · Pytorch +1 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: Pytorch versions prior to v2.2.0 Description: The issue is related to a use-after-free vulnerability in the torch/csrc/jit/mobile/interpreter.cpp component of the PyTorch machine learning framework. This vulnerability can be exploited to...

CVE-2024-31583

CVE-2024-31583 affects PyTorch due to a use-after-free flaw in torch/csrc/jit/mobile/interpreter.cpp. Affected versions: PyTorch prior to 2.2.0; the issue enables denial of service when a victim opens crafted content. Exploitation details are not provided beyond the vulnerability description in t...

CVE-2024-31583

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

CVE-2024-31580

CVE-2024-31580 affects PyTorch prior to 2.2.0, due to a heap-based buffer overflow in /runtime/vararg_functions.cpp. A crafted input can cause a Denial of Service. The available connected documents indicate vulnerable PyTorch versions and a clear remediation: upgrade to PyTorch 2.2.0 or newer (or...

CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

PyTorch 安全漏洞

PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch versions prior to v2.2.0 that stems from the inclusion of a heap buffer overflow vulnerability that allows an attacker to cause a denial of service DoS via crafted input...

PT-2024-6375

Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.2.0 Description The issue is related to a heap buffer overflow in the /runtime/vararg functions.cpp component. This allows attackers to cause a Denial of Service DoS via a crafted input. The vulnerability is...

CVE-2024-31583

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp...

CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

PyTorch Serve Server-Side Request Forgery

PyTorch Serve version prior to 0.8.2 and versions using a default configuration are vulnerable to a Server-Side Request Forgery allowing an unauthenticated user to write a file to disk, that can lead to an arbitrary code execution. No source data...

BIT-PYTORCH-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parsetypeline can cause arbitrary code execution because eval is used unsafely...

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Huggin...

AZL-35146 CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

AZL-35148 CVE-2024-27319 affecting package pytorch for versions less than 2.2.2-1

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNXASSERT and ONNXASSERTM functions have an off by one string copy...

AZL-34464 CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...