Linuxfoundation

Pytorch

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-3000

  • EPSS 0.08%
  • Veröffentlicht 31.03.2025 15:15:46
  • Zuletzt bearbeitet 29.05.2025 15:53:39

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to ...

5.3

CVE-2025-2999

  • EPSS 0.1%
  • Veröffentlicht 31.03.2025 15:15:44
  • Zuletzt bearbeitet 29.05.2025 15:53:46

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has bee...

5.3

CVE-2025-2998

  • EPSS 0.1%
  • Veröffentlicht 31.03.2025 14:15:20
  • Zuletzt bearbeitet 29.05.2025 15:53:57

A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach thi...

2.5

CVE-2025-2149

Exploit
  • EPSS 0.05%
  • Veröffentlicht 10.03.2025 12:31:04
  • Zuletzt bearbeitet 24.02.2026 18:52:49

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper init...

7.5

CVE-2025-2148

  • EPSS 0.08%
  • Veröffentlicht 10.03.2025 12:15:12
  • Zuletzt bearbeitet 24.02.2026 19:52:04

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None...

9.8

CVE-2024-48063

Exploit
  • EPSS 25.1%
  • Veröffentlicht 29.10.2024 21:15:04
  • Zuletzt bearbeitet 16.07.2025 00:25:40

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

5.5

CVE-2024-31584

  • EPSS 0.08%
  • Veröffentlicht 19.04.2024 21:15:08
  • Zuletzt bearbeitet 03.06.2025 14:04:04

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

7.8

CVE-2024-31583

  • EPSS 0.05%
  • Veröffentlicht 17.04.2024 19:15:07
  • Zuletzt bearbeitet 10.06.2025 01:33:43

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

4

CVE-2024-31580

  • EPSS 0.04%
  • Veröffentlicht 17.04.2024 19:15:07
  • Zuletzt bearbeitet 10.06.2025 17:38:16

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

9.8

CVE-2022-45907

Exploit
  • EPSS 0.79%
  • Veröffentlicht 26.11.2022 02:15:10
  • Zuletzt bearbeitet 25.04.2025 20:15:37

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.