Lucene search
K

17 matches found

NVD
NVD
added 2026/06/16 8:16 p.m.10 views

CVE-2026-47750

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

7.8CVSS0.0018EPSS
Exploits1References3
NVD
NVD
added 2026/06/16 8:16 p.m.8 views

CVE-2026-47747

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

7.8CVSS0.0018EPSS
Exploits1References3
NVD
NVD
added 2026/06/16 7:16 p.m.12 views

CVE-2026-47748

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...

5.5CVSS0.00163EPSS
Exploits1References2
NVD
NVD
added 2026/06/16 7:16 p.m.12 views

CVE-2026-47749

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORTBINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...

7.8CVSS0.00203EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/16 6:32 p.m.25 views

CVE-2026-47747 stable-diffusion.cpp has a Heap-based Buffer Overflow

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

7.8CVSS0.0018EPSS
Exploits1References3
CVE
CVE
added 2026/06/16 6:32 p.m.16 views

CVE-2026-47747

The CVE affects stable-diffusion.cpp, a pure C/C++ library for running diffusion model inference. The vulnerability lies in the pickle .ckpt parser in src/model.cpp within versions prior to master-584-0a7ae07, where a heap-based overflow could occur in the BINUNICODE opcode handler due to sign co...

7.8CVSS5.7AI score0.0018EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/16 6:32 p.m.3 views

CVE-2026-47747

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

7.8CVSS6AI score0.0018EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/16 6:17 p.m.23 views

CVE-2026-47750 stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

7.8CVSS0.0018EPSS
Exploits1References3
CVE
CVE
added 2026/06/16 6:17 p.m.67 views

CVE-2026-47750

The CVE-2026-47750 issue affects stable-diffusion.cpp in its pickle (.ckpt) parser (src/model.cpp). A heap buffer overflow occurs in the GLOBAL opcode handler due to missing validation while locating newline-delimited fields; a crafted .ckpt from an untrusted source can cause the parser to copy w...

7.8CVSS5.8AI score0.0018EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/16 5:23 p.m.11 views

CVE-2026-47749

The CVE-2026-47749 entry concerns stable-diffusion.cpp, a C/C++ library for diffusion-model inference. A flaw in the pickle .ckpt parser (src/model.cpp) allows a heap buffer overflow in SHORT_BINUNICODE handling due to sign confusion on the opcode length field. A crafted untrusted .ckpt file coul...

7.8CVSS6.4AI score0.00203EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/16 5:11 p.m.84 views

CVE-2026-47748

CVE-2026-47748 affects stable-diffusion.cpp (C/C++ library) prior to master-584-0a7ae07. The root cause is out-of-bounds reads in the PyTorch checkpoint pickle opcode parsing in src/model.cpp, where the parser sometimes advances buffer positions without validating remaining input, allowing reads ...

5.5CVSS5.6AI score0.00163EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49750

Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description A heap buffer overflow exists in the SHORT BINUNICODE parsing for PyTorch checkpoint files within the pickle .ckpt parser in src/model.cpp. The issue stems from sign confusi...

7.8CVSS6.4AI score0.00203EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49830

Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description The pickle .ckpt parser in src/model.cpp contains a heap buffer overflow in the GLOBAL opcode handler. This occurs due to missing validation when searching for...

7.8CVSS6AI score0.0018EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49829

Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description The pickle .ckpt parser in src/model.cpp contains a heap buffer overflow in the BINUNICODE opcode handler. This occurs due to sign confusion on the opcode length field, wher...

7.8CVSS6AI score0.0018EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-49749

Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description An out-of-bounds read error exists during PyTorch checkpoint pickle opcode parsing. The pickle .ckpt parser in the src/model.cpp file fails to consistently verify that...

5.5CVSS5.9AI score0.00163EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.12 views

PT-2025-5340 · Vllm · Vllm

Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.7.0 Description: The issue concerns the vLLM library, specifically the vllm/model executor/weight utils.py file, which implements hf model weights iterator to load model checkpoints downloaded from Hugging Face. It...

8.8CVSS7.3AI score0.00694EPSS
Exploits0References14
The Hacker News
The Hacker News
added 2024/02/27 10:18 a.m.67 views

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Huggin...

6.5CVSS7.8AI score0.01175EPSS
Exploits1
Rows per page
Query Builder