| Field | Value |
|---|---|
| Title | VITA-MLLM Freeze-Omni 0.0 Deserialization |
| Description | Freeze-Omni, a speech-to-speech dialogue model, has a critical vulnerability (CWE-502: Deserialization of Untrusted Data). In the models/utils.py file, the torch.load function is used without the weights_only=True parameter when loading data from a file specified by the path parameter. If an attacker-crafted malicious pickle file is loaded, it can trigger arbitrary code execution during deserialization. This allows attackers to gain unauthorized system access or carry out malicious actions. All versions of Freeze-Omni are affected, and as of now, there's no fix on the latest main branch. More details: https://github.com/VITA-MLLM/Freeze-Omni/issues/29 |
| Source | https://github.com/VITA-MLLM/Freeze-Omni/issues/29 |
| User | ybdesire (UID 83239) |
| Submission | 30.04.2025 15:49 (12 months ago) |
| Moderation | 15.05.2025 08:31 (15 days later) |
| Status | Accepted |
| VulDB entry | 308999 [VITA-MLLM Freeze-Omni up to 20250421 models/utils.py torch.load path privilege escalation] |
| Points | 20 |