7 matches found
containerd CRI checkpoint restore CDI annotation smuggling
Impact containerd's CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...
GHSA-33VJ-92QQ-66HC containerd CRI checkpoint restore CDI annotation smuggling
Impact containerd's CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...
CVE-2026-47750 stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files
stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...
PT-2026-49750
Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description A heap buffer overflow exists in the SHORT BINUNICODE parsing for PyTorch checkpoint files within the pickle .ckpt parser in src/model.cpp. The issue stems from sign confusi...
CVE-2026-24747
PyTorch prior to v2.10.0 is vulnerable to memory corruption and potential arbitrary code execution via the weights_only unpickler when loading a malicious .pth checkpoint with torch.load(..., weights_only=True). Affected software is PyTorch (Python tensor computation package); the issue is fixed ...
CVE-2025-14926
A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW model checkpoint, causing arbitrary code execution in the context o...
Insecure Deserialization
monai is vulnerable to Insecure Deserialization. The vulnerability is due to loading of untrusted checkpoint files like torch.load used without safe guards. This allows an attacker to supply a crafted checkpoint that executes arbitrary code during deserialization...