Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
VITA-MLLM Freeze-Omni utils.py torch.load deserialization
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Freeze-Omni 代码问题漏洞
Vulnerability Description
Freeze-Omni是VITA-MLLM开源的一种基于Freeze LLM的智能低延迟语音对话模型。 Freeze-Omni 20250421及之前版本存在代码问题漏洞,该漏洞源于对文件models/utils.py中参数path的错误操作导致反序列化。
CVSS Information
N/A
Vulnerability Type
N/A