Lucene search
K

10 matches found

NVD
NVD
added 2026/06/22 11:16 p.m.10 views

CVE-2026-53923

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

7.5CVSS0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 9:55 p.m.13 views

CVE-2026-53923

Summary of CVE-2026-53923 : The vulnerability affects vLLM (GGUF dequantize kernels) where integer truncation of tensor dimensions causes partially filled output tensors. From 0.5.5 up to 0.23.1rc0, the code allocates the full output tensor (torch::empty) but the CUDA kernel processes only a trun...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/24 2:32 a.m.1 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the ggmlnbytes function. An attacker can achieve memory corruption and potentially execute arbitrary code by supplying a specially crafted GGUF file with manipulated tensor dimensions that trigger an intege...

8.5CVSS6.3AI score0.00477EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:1 a.m.4 views

CVE-2026-33298

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...

7.8CVSS6.1AI score0.00477EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.7 views

CVE-2021-41197

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS6.5AI score0.00307EPSS
Exploits2References1
OSV
OSV
added 2021/11/05 8:15 p.m.3 views

PYSEC-2021-805

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS5.9AI score0.00307EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2021/11/05 7:55 p.m.2 views

CVE-2021-41197

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS7.1AI score0.00307EPSS
Exploits1
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.17 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that stems from the fact that TensorFlow allows tensors to have a large number of dimensions, each of which can be adjusted...

5.5CVSS5.7AI score0.00307EPSS
Exploits1References8
OSV
OSV
added 2021/05/21 2:28 p.m.5 views

GHSA-9C84-4HX6-XMM4 Integer overflow in TFLite concatentation

Impact The TFLite implementation of concatenation is vulnerable to an integer overflow issue: cc for int d = 0; d dims-size; ++d if d == axis sumaxis += t-dims-dataaxis; else TFLITEENSUREEQcontext, t-dims-datad, t0-dims-datad; An attacker can craft a model such that the dimensions of one of the...

6.3CVSS7AI score0.00192EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2021/05/14 12:0 a.m.3 views

PT-2021-18352 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4 are also affected Description: The TFLite implementation of concatenation is vulnerable to an integer overflow issue. An attacker can craft a model such tha...

7.1CVSS6.9AI score0.00192EPSS
Exploits1References14
Rows per page
Query Builder