EUVD-2025-205782

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef...

GHSA-RRXM-2PVV-M66X Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary Picklescan uses the numpy.f2py.crackfortran.getlincoef function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval

Summary Picklescan uses numpy.f2py.crackfortran.parameval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.parameval function via reduce method....

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via using the numpy.f2py.crackfortran.parameval function. An attacker can execute arbitrary code by crafting ...

EUVD-2025-205659

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.parameval...

GHSA-3329-GHMP-JMV5 Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

Summary Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its reduce method -...

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to using the numpy.f2py.crackfortran.myeval function, which executes a remote pickle file. An attacker ca...

EUVD-2025-205638

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval...

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

Summary Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its reduce method -...

GHSA-R8G5-CGF2-4M4M Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...

EUVD-2025-205587

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef...

python39:3.9 security update

modwsgi numpy python39 3.9.25-2 - Add explicit BR: libxcrypt-devel - Properly apply exported CFLAGS for dtrace/systemtap builds - Update to Python 3.9.25 - Move sysconfigdatadlinux.py to the debug subpackage - Fedora contributions by: Bjorn Esser Charalampos Stratakis Karolina Surma Tomas Orsava...

Heap-based Buffer Overflow

MLX is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to a 13-byte out-of-bounds read when parsing malicious NumPy .npy files, where an attacker-controlled file causes a crash or information disclosure, and attackers can exploit this by crafting malicious .npy files to gain...

PYSEC-2025-138

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...

CVE-2025-62608

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...

CVE-2025-62608 MLX has heap-buffer-overflow in load()

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...

CVE-2025-62608 MLX has heap-buffer-overflow in load()

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...

CVE-2025-62608

MLX vulnerable to a heap-buffer-overflow in mlx::core::load() when parsing malicious NumPy .npy files. Prior to version 0.29.4, attacker-controlled files can trigger a 13-byte out-of-bounds read, leading to crash or information disclosure. The issue is fixed in version 0.29.4. Affected platforms:...

CVE-2025-62608 MLX has heap-buffer-overflow in load()

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...