CVE-2025-62608 MLX has heap-buffer-overflow in load()

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...

CVE-2025-62608

MLX vulnerable to a heap-buffer-overflow in mlx::core::load() when parsing malicious NumPy .npy files. Prior to version 0.29.4, attacker-controlled files can trigger a 13-byte out-of-bounds read, leading to crash or information disclosure. The issue is fixed in version 0.29.4. Affected platforms:...

CVE-2025-62608 MLX has heap-buffer-overflow in load()

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...

PT-2025-47797

Name of the Vulnerable Software and Affected Versions MLX versions prior to 0.29.4 Description MLX, an array framework for machine learning on Apple silicon, contains a heap buffer overflow in the mlx::core::load function when processing malicious NumPy .npy files. A specially crafted file can...