Linuxfoundation: >> Pytorch >> 2.7.0 Security Vulnerabilities
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-27
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVSS Score
5.3
EPSS Score
0.001
Published
2025-09-25
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-25