1101 matches found
CVE-2025-1945 picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...
CVE-2025-1945
The CVE-2025-1945 issue affects PickleScan before 0.0.23, which fails to detect malicious pickle payloads embedded inside PyTorch model archives when specific ZIP header flag bits are modified. By flipping ZIP flag bits (e.g., 0x1, 0x20, 0x40) in the archive, an attacker can place a malicious pic...
CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
CVE-2025-1944
Summary (concrete details): CVE-2025-1944 affects picklescan
PyTorch Buffer Error Vulnerability
PyTorch is an open-source Python package maintained by the PyTorch project. A security vulnerability exists in PyTorch version 2.6.0+cu124, stemming from the torch.ops.profiler._call_end_callbacks_on_jit_fut function, which could lead to memory corruption...
PyTorch Security Vulnerability
PyTorch is an open-source Python package maintained by the PyTorch project. A security vulnerability exists in PyTorch version 2.6.0+cu124, stemming from the nnq_Sigmoid function, which may lead to improper initialization...
PT-2025-10576
Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0+cu124. Description: A critical vulnerability was found in the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The...
Linux Distros Unpatched Vulnerability : CVE-2024-31584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. CVE-2024-31584 Note that Nessus reli...
Linux Distros Unpatched Vulnerability : CVE-2024-31580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows...
GHSA-769V-P64C-89PR PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
CVE-2025-1889 Summary Picklescan fails to detect hidden pickle files embedded in PyTorch model archives due to its reliance on file extensions for detection. This allows an attacker to embed a secondary, malicious pickle file with a non-standard extension inside a model archive, which remains...
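The three picklescan bypasses listed above (flipped ZIP flag bits, a local-header filename that disagrees with the central directory listing, and a pickle hidden under a non-.pkl name) share one lesson: a scanner that delegates to Python's zipfile and gives up when zipfile raises never looks at the member, while a loader with its own ZIP reader (PyTorch's, according to the advisories) still deserializes it. The Python below is an added example and is not picklescan's or PyTorch's code. It builds a constructed, checkpoint-shaped archive, applies each manipulation, and runs a central-directory walk that reports all three cases even when the stdlib read fails. The finding names, the pickle-magic check, and the assumption that a torch.save() archive never sets the 0x1, 0x20 or 0x40 flag bits are mine.

```python
import io
import pickle
import struct
import zipfile

LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
# The three general-purpose flag bits named in the CVE-2025-1945 advisory (encryption,
# compressed patched data, strong encryption). Assumption: a torch.save() archive never
# sets them, so any of them on a member is a red flag rather than a reason to bail out.
SUSPICIOUS_FLAGS = 0x1 | 0x20 | 0x40


def build_model_archive():
    """Constructed sample: a stored (uncompressed) zip shaped like a torch.save()
    checkpoint, plus a second pickle under a non-.pkl name (the CVE-2025-1889 trick)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("model/data.pkl", pickle.dumps({"weights": [1, 2, 3]}))
        zf.writestr("model/version", b"3\n")
        zf.writestr("model/extra.bin", pickle.dumps({"hidden": True}))
    return buf.getvalue()


def iter_entries(data):
    """Walk the central directory and, for each member, also parse its local header,
    so the two copies of the metadata can be compared instead of trusted."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    n_total, _cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    pos = cd_offset
    for _ in range(n_total):
        (sig, _, _, flags, comp, _, _, _, csize, _, name_len, extra_len, comment_len,
         _, _, _, local_off) = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)
        if sig != CENTRAL_SIG:
            raise ValueError(f"bad central directory entry at {pos}")
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        lsig, _, lflags, _, _, _, _, _, _, lname_len, lextra_len = struct.unpack_from(
            "<4sHHHHHIIIHH", data, local_off)
        if lsig != LOCAL_SIG:
            raise ValueError(f"bad local header for {name!r} at {local_off}")
        local_name = data[local_off + 30:local_off + 30 + lname_len].decode("utf-8", "replace")
        start = local_off + 30 + lname_len + lextra_len
        yield {"name": name, "local_name": local_name, "flags": flags, "local_flags": lflags,
               "compression": comp, "central_pos": pos, "local_off": local_off,
               "payload": data[start:start + csize]}
        pos += 46 + name_len + extra_len + comment_len


def looks_like_pickle(payload):
    # Protocol 2+ pickles open with PROTO (0x80) and a version byte; protocol 0/1
    # streams have no magic and would need an opcode walk instead.
    return len(payload) >= 2 and payload[0] == 0x80 and 2 <= payload[1] <= 5


def scan_archive(data):
    """Content-based checks that a zipfile-delegating scanner skips when it bails out."""
    findings = []
    for e in iter_entries(data):
        if (e["flags"] | e["local_flags"]) & SUSPICIOUS_FLAGS:
            findings.append(("unexpected-flag-bits", e["name"]))
        if e["local_name"] != e["name"]:
            findings.append(("header-name-mismatch", e["name"]))
        if e["compression"] == 0 and looks_like_pickle(e["payload"]) \
                and not e["name"].endswith(".pkl"):
            findings.append(("pickle-without-pkl-extension", e["name"]))
    return findings


def flip_flag_bits(data, name, bits):
    """CVE-2025-1945 shape: set flag bits on one member's central directory entry."""
    out = bytearray(data)
    for e in iter_entries(data):
        if e["name"] == name:
            struct.pack_into("<H", out, e["central_pos"] + 8, e["flags"] | bits)
    return bytes(out)


def rename_local_header(data, name, new_local_name):
    """CVE-2025-1944 shape: change the name in the local header only, leaving the
    central directory listing untouched (same length, so offsets stay valid)."""
    new = new_local_name.encode()
    out = bytearray(data)
    for e in iter_entries(data):
        if e["name"] == name:
            if len(new) != len(e["local_name"].encode()):
                raise ValueError("replacement name must have the same length")
            out[e["local_off"] + 30:e["local_off"] + 30 + len(new)] = new
    return bytes(out)


def stdlib_reads_ok(data, name):
    """What a scanner that delegates to zipfile sees: can it read the member at all?"""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.read(name)
        return True
    except Exception:
        return False


if __name__ == "__main__":
    clean = build_model_archive()
    for label, blob in (("clean", clean),
                        ("flag-bit 0x1", flip_flag_bits(clean, "model/data.pkl", 0x1)),
                        ("renamed", rename_local_header(clean, "model/data.pkl", "model/data.bin"))):
        print(label, "stdlib ok:", stdlib_reads_ok(blob, "model/data.pkl"), scan_archive(blob))
```

The walk deliberately never calls zipfile on the manipulated archive: it reads the central directory and each local header with struct, so a member that makes zipfile raise is still inspected, and the pickle check keys on the PROTO opcode rather than the filename. In a real scanner the right response to any of the three findings is to refuse the archive, not to skip the member.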
PT-2025-10577
Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0+cu124. Description: A problem was found in the Quantized Sigmoid Module, specifically in the nnq_Sigmoid function. The issue arises from the manipulation of the scale and zero_point arguments, leading to improper...
PT-2025-39411
Name of the Vulnerable Software and Affected Versions: pytorch version 2.8.0. Description: The software exhibits unexpected behavior when the torch.rot90 and torch.randn_like components are used together. Recommendations: At the moment, there is no information about a newer version that contains a f...
PT-2025-7327 · Pytorch +1
Name of the Vulnerable Software and Affected Versions: InvokeAI, affected versions not specified. Description: The issue concerns an unsafely deserialized file download in the backend, potentially allowing remote code execution (RCE) through PyTorch's torch.load function. Recommendations: At the...
Azure Linux 3.0 Security Update: nodejs / pytorch (CVE-2021-22918)
The version of nodejs / pytorch installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22918 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii ...
Azure Linux 3.0 Security Update: pytorch (CVE-2024-27319)
The version of pytorch installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27319 advisory. - Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the...
Azure Linux 3.0 Security Update: pytorch (CVE-2024-27318)
The version of pytorch installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27318 advisory. - Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the...
Exploit for Improper Control of Dynamically-Managed Code Resources in Lightningai Pytorch_Lightning
CVE-2024-5452 01. Overview of RCE and pytorch-lightning - 1 RCE and...
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...