CVE-2025-1944

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...

CVE-2025-1944

creationtimestamp| type| source ---|---|--- 2025-03-10 11:56:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6990 2025-03-10 14:51:35+00:00| seen| https://t.me/cvedetector/19952 2025-03-10 15:40:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljzv7jzz6...

CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...

CVE-2025-1944

Summary (concrete details): CVE-2025-1944 affects picklescan

CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...