5 matches found
vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors
Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...
CVE-2025-62609
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...
EUVD-2025-198500
MLX has Wild Pointer Dereference in loadgguf...
PT-2025-47798
Name of the Vulnerable Software and Affected Versions MLX versions prior to 0.29.4 Description MLX, an array framework for machine learning on Apple silicon, contains a flaw in the mlx::core::load gguf function. This function experiences a segmentation fault when processing maliciously crafted GG...
CVE-2025-0315
A vulnerability in ollama/ollama =0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service DoS attack...