CVE-2025-1944

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...

UBUNTU-CVE-2025-2148

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...

CVE-2025-2148 PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...

CVE-2025-2148 PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...

CVE-2025-2148

CVE-2025-2148 : PyTorch 2.6.0+cu124 contains a vulnerability affecting torch.ops.profiler._call_end_callbacks_on_jit_fut in the Tuple Handler. Manipulating the argument None can cause memory corruption. The report notes a remote attack with high impact and high attack complexity; no explicit reme...

CVE-2025-2148

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...

CVE-2025-1945 picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...

CVE-2025-1945 picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...

CVE-2025-1945

The CVE-2025-1945 issue affects PickleScan before 0.0.23, which fails to detect malicious pickle payloads embedded inside PyTorch model archives when specific ZIP header flag bits are modified. By flipping ZIP flag bits (e.g., 0x1, 0x20, 0x40) in the archive, an attacker can place a malicious pic...

CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...

CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...

CVE-2025-1944

Summary (concrete details): CVE-2025-1944 affects picklescan

PyTorch 缓冲区错误漏洞

PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch version 2.6.0+cu124, which stems from the torch.ops.profiler.callendcallbacksonjitfut function that could lead to memory corruption...

PT-2025-10576

Name of the Vulnerable Software and Affected Versions PyTorch version 2.6.0+cu124 Description A critical vulnerability was found in the function torch.ops.profiler. call end callbacks on jit fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The...

PyTorch 安全漏洞

PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch version 2.6.0+cu124, which stems from the nnqSigmoid function that may lead to improper initialization...

Linux Distros Unpatched Vulnerability : CVE-2024-31584

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbufferloader.cpp. CVE-2024-31584 Note that Nessus reli...

Linux Distros Unpatched Vulnerability : CVE-2024-31580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows...

PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions

CVE-2025-1889 Summary Picklescan fails to detect hidden pickle files embedded in PyTorch model archives due to its reliance on file extensions for detection. This allows an attacker to embed a secondary, malicious pickle file with a non-standard extension inside a model archive, which remains...

GHSA-769V-P64C-89PR PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions

CVE-2025-1889 Summary Picklescan fails to detect hidden pickle files embedded in PyTorch model archives due to its reliance on file extensions for detection. This allows an attacker to embed a secondary, malicious pickle file with a non-standard extension inside a model archive, which remains...

PT-2025-10577

Name of the Vulnerable Software and Affected Versions PyTorch version 2.6.0+cu124 Description A problem was found in the Quantized Sigmoid Module, specifically in the nnq Sigmoid function. The issue arises from the manipulation of the scale and zero point arguments, leading to improper...