CVE-2025-23304
CVE-2025-23304 affects the NVIDIA NeMo library (model loading component). The vulnerability arises from loading .nemo files with maliciously crafted metadata, enabling code injection that may lead to remote code execution and data tampering. Affected: NVIDIA NeMo library (model loading). Exploita...
ExecuTorch integer overflow vulnerability
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...
CVE-2025-5202
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read through the MDLImporter::InternReadFile_Quake1 function. An attacker can read data outside the intended buffer boundaries by manipulating the input data to the function. Remediation: There is no fixed version for assimp...
DEBIAN-CVE-2025-5169
A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approac...
DEBIAN-CVE-2025-3196
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads ...
CVE-2024-10372
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...
PT-2024-16226 · Unknown · Chidiwilliams Buzz
Name of the Vulnerable Software and Affected Versions: chidiwilliams buzz version 1.1.0. Description: A problematic vulnerability was found in the download_model function of the buzz/model_loader.py file. This issue leads to an insecure temporary file and can be exploited locally, with a high...
Buzz security vulnerability
Buzz is a tool by the individual developer Chidi Williams. It is used to transcribe and translate audio offline on a personal computer. A security vulnerability exists in Buzz version 1.1.0, which stems from a function download_model in the file buzz/model_loader.py that results in an insecure...