MLX has heap-buffer-overflow in load()

Summary Heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability The parser reads a 118-byte...

EUVD-2025-198501

MLX has heap-buffer-overflow in load...

GHSA-W6VG-JG77-2QG6 MLX has heap-buffer-overflow in load()

Summary Heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability The parser reads a 118-byte...

PT-2025-47797

Name of the Vulnerable Software and Affected Versions MLX versions prior to 0.29.4 Description MLX, an array framework for machine learning on Apple silicon, contains a heap buffer overflow in the mlx::core::load function when processing malicious NumPy .npy files. A specially crafted file can...

MLX 安全漏洞

MLX is a machine learning framework open-sourced by ml-explore. A security vulnerability exists in MLX versions prior to 0.29.4 that stems from a heap buffer overflow when parsing a malicious NumPy file, which could lead to a crash or information disclosure...

EUVD-2021-0151

Malware in sbrugna...

EUVD-2018-0107

Malware in sbrugna...

EUVD-2018-0108

Malware in sbrugna...

EUVD-2017-0080

Malware in sbrugna...

EUVD-2022-7375

Malicious code in bioql PyPI...

EUVD-2025-29398

Malicious code in bioql PyPI...

EUVD-2025-7056

Malicious code in bioql PyPI...

TencentOS Server 3: numpy (TSSA-2022:0057)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0057 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2022-41884

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

Alibaba Cloud Linux 3 : 0057: numpy (ALINUX3-SA-2022:0057)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-6446: DISPUTED An issue was discovered in...

python3.12-numpy bug fix and enhancement update

An update is available for python3.12-numpy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

python3.12-numpy bug fix and enhancement update

An update is available for python3.12-numpy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Unsafe Deserialization

picklescan is vulnerable to Unsafe deserialization. The vulnerability is due to the ability to exploit built-in functions in the NumPy library that indirectly invoke dangerous functions like exec, allowing execution of arbitrary Python or OS commands...

CVE-2018-1999024 affecting package numpy for versions less than 1.26.3-4

CVE-2018-1999024 affecting package numpy for versions less than 1.26.3-4. A patched version of the package is available...

Picklescan failed to detect to some unsafe global function in Numpy library

Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by import some built-in function in Numpy library that indrectly call some dangerou...