2 matches found
CVE-2025-62608
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...
aggressor (=0.0.1a0), cartesia-mlx (=0.0.2) +13 more potentially affected by CVE-2025-62608 via mlx (>=0.0.4 <=0.29.2)
mlx PYPI version =0.0.4, =0.0.1, =0.6.0, =0.1.9, =0.4.2, =1.2.0, =0.0.0, =0.0.27, =0.0.1, =0.0.3a0 Source cves: CVE-2025-62608 Source advisory: OSV:PYSEC-2025-138...