
737 matches found

Talos
added 2024/02/26 12:0 a.m. | 29 views

llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1915 llama.cpp GGUF library header.n_tensors heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21836 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.00182
Exploits: 1

OSV
added 2024/02/23 6:15 p.m. | 4 views

AZL-34464 CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00408
Exploits: 0 | References: 1

PyPA
added 2024/02/23 6:15 p.m. | 4 views

PYSEC-2024-222

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 7 | EPSS: 0.05827
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/02/23 6:15 p.m. | 25 views

CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00408
Exploits: 0 | References: 4

OSV
added 2024/02/23 6:15 p.m. | 2 views

AZL-35146 CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00408
Exploits: 0 | References: 1

Prion
added 2024/02/23 6:15 p.m. | 25 views

Directory traversal

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 5 | AI score: 7.5 | EPSS: 0.05827
Exploits: 1 | References: 2

Vulnrichment
added 2024/02/23 5:37 p.m. | 28 views

CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00408
Exploits: 0 | References: 4

Cvelist
added 2024/02/23 5:37 p.m. | 21 views

CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00408
Exploits: 0 | References: 4

CVE
added 2024/02/23 5:37 p.m. | 306 views

CVE-2024-27318

CVE-2024-27318 affects the ONNX package: versions up to and including 1.15.0 are vulnerable to a Directory Traversal in the external_data field of the tensor proto, which can reference files outside the model directory or user-provided directory. The issue is described as a bypass of the patch fo...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00408
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2024/02/23 12:0 a.m. | 2 views

PT-2024-21817 · Onnx · Onnx

Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.15.0 Description: The issue allows Directory Traversal as the external data field of the tensor proto can have a path to a file outside the model's current directory or user-provided directory. This vulnerability occu...

CVSS: 7.5 | AI score: 4.5 | EPSS: 0.00408
Exploits: 0 | References: 17

CNNVD
added 2024/02/23 12:0 a.m. | 1 views

Open Neural Network Exchange Path Traversal Vulnerability

Open Neural Network Exchange ONNX is an open ecosystem that enables AI developers to choose the right tools as their projects evolve. A security vulnerability exists in Open Neural Network Exchange versions 1.15.0 and earlier, which stems from a field in the externaldata tensor prototype that may...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00408
Exploits: 0 | References: 6

Positive Technologies
added 2024/01/12 12:0 a.m. | 2 views

PT-2024-12605 · Google +1 · Tensor +1

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided, but affected chipsets include Tensor Pixel and Exynos basebands. Description: The issue is related to the incorrect handling of malformed NAS messages, which can cause a modem crash. Th...

AI score: 6.4
Exploits: 0 | References: 1

Veracode
added 2024/01/05 7:12 a.m. | 10 views

Denial Of Service (DoS)

paddlepaddle is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a Null pointer dereference within the paddle.crop function when tensor dims are invalid. This leads to an application crash resulting in Denial Of Service DoS...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00113
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/10/23 6:38 p.m. | 12 views

BIT-2020-15197

In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has rank 2. This tensor must be a matrix because code assumes its elements are access...

CVSS: 6.3 | AI score: 6.7 | EPSS: 0.0022
Exploits: 1 | References: 3 | Affected Software: 1

vulnersOsv
added 2023/08/11 3:30 a.m. | 1 views

ss-scrapping (>=0.1.0 <=0.2.0) potentially affected by CVE-2023-27506 via intel-tensorflow (=0.0.1)

intel-tensorflow PYPI version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on intel-tensorflow and may be impacted: - ss-scrapping =0.1.0, =0.2.0 Source cves: CVE-2023-27506 Source advisory: OSV:GHSA-M2F8-V8Q4-3M59...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00068
Exploits: 0

SUSE CVE
added 2023/05/09 2:3 a.m. | 1 views

SUSE CVE-2023-29941

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOpmlir::sparsetensor::SortOp...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00137
Exploits: 0 | References: 3

OSV
added 2023/05/05 3:15 p.m. | 1 views

AZL-26408 CVE-2023-29941 affecting package llvm16 for versions less than 16.0.0-4

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOpmlir::sparsetensor::SortOp...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00137
Exploits: 0 | References: 1

OSV
added 2023/05/05 3:15 p.m. | 1 views

DEBIAN-CVE-2023-29941

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOpmlir::sparsetensor::SortOp...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00137
Exploits: 0 | References: 1

CNNVD
added 2023/05/05 12:0 a.m. | 4 views

LLVM project Buffer Error Vulnerability

LLVM project is a collection of modular, reusable compiler and toolchain technologies open-sourced by LLVM. A security vulnerability exists in LLVM project version a0138390, which stems from a segmentation error in the component matchAndRewriteSortOp...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00137
Exploits: 0 | References: 3

Positive Technologies
added 2023/05/05 12:0 a.m. | 2 views

PT-2023-22491 · Unknown +1 · Llvm-Project +1

Name of the Vulnerable Software and Affected Versions: llvm-project affected versions not specified Description: The issue is related to a segmentation fault in the llvm-project, specifically via the component matchAndRewriteSortOpmlir::sparse tensor::SortOp. Recommendations: At the moment, there...

CVSS: 5.5 | AI score: 5 | EPSS: 0.00137
Exploits: 0 | References: 13