9 matches found
CVE-2025-1944
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
Zip Exploit Crashes Picklescan But Not PyTorch
Summary PickleScan is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise...
GHSA-7Q5R-7GVP-WC82 Zip Exploit Crashes Picklescan But Not PyTorch
Summary PickleScan is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise...
Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7q5r-7gvp-wc82. This link is maintained to preserve external references. Original Description picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting t...
CVE-2025-1944
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
PYSEC-2025-20
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
CVE-2025-1944
Summary (concrete details): CVE-2025-1944 affects picklescan
CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...