Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MLX has heap-buffer-overflow in load()
Vulnerability Description
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue has been patched in version 0.29.4.
CVSS Information
N/A
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
MLX 安全漏洞
Vulnerability Description
MLX是ml-explore开源的一个机器学习框架。 MLX 0.29.4之前版本存在安全漏洞,该漏洞源于解析恶意NumPy文件时存在堆缓冲区溢出,可能导致崩溃或信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A