MLX has heap-buffer-overflow in load()

Summary Heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability The parser reads a 118-byte...

MLX 安全漏洞

MLX is a machine learning framework open-sourced by ml-explore. A security vulnerability exists in MLX versions prior to 0.29.4 that stems from a heap buffer overflow when parsing a malicious NumPy file, which could lead to a crash or information disclosure...