| Titre | FunAudioLLM InspireMusic 0.0 Deserialization |
|---|
| Description | InspireMusic is a unified framework for music, song, and audio generation by LLM. It uses the torch.load function to load data without specifying the weights_only=True parameter. This function is used to deserialize data, and when it loads untrusted data, it may lead to the execution of arbitrary code during the deserialization process. Since the source of the data loaded by torch.load is not verified, there is a risk that malicious model can be used to exploit this vulnerability.
More details: https://github.com/FunAudioLLM/InspireMusic/issues/53 |
|---|
| La source | ⚠️ https://github.com/FunAudioLLM/InspireMusic/issues/53 |
|---|
| Utilisateur | ybdesire (UID 83239) |
|---|
| Soumission | 08/05/2025 16:07 (il y a 12 mois) |
|---|
| Modérer | 24/05/2025 18:25 (16 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 310236 [FunAudioLLM InspireMusic Pickle Data model.py load_state_dict élévation de privilèges] |
|---|
| Points | 20 |
|---|