Debian Pytorch vulnerabilities

32 known vulnerabilities affecting debian/pytorch.

Total CVEs: 32
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 8, MEDIUM 18, LOW 4

Vulnerabilities

Page 2 of 2
CVE-2025-46149 | MEDIUM | CVSS 5.3 | 2025
CVE-2025-46149 [MEDIUM]: pytorch - In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2025-55554 | MEDIUM | CVSS 5.3 | 2025
CVE-2025-55554 [MEDIUM]: pytorch - pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2025-3136 | MEDIUM | CVSS 4.8 | 2025
CVE-2025-3136 [MEDIUM]: pytorch - A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Scope: local
CVE-2025-46150 | MEDIUM | CVSS 5.3 | 2025
CVE-2025-46150 [MEDIUM]: pytorch - In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2025-63396 | LOW | CVSS 3.3 | 2025
CVE-2025-63396 [LOW]: pytorch - An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS). Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2025-2148 | LOW | CVSS 2.3 | 2025
CVE-2025-2148 [LOW]: pytorch - A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploit
CVE-2025-2149 | LOW | CVSS 2.0 | 2025
CVE-2025-2149 [LOW]: pytorch - A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is kn
CVE-2024-31583 | HIGH | CVSS 7.8 | fixed in pytorch 2.4.1-1 (forky) | 2024
CVE-2024-31583 [HIGH]: pytorch - Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 2.4.1-1); sid: resolved (fixed in 2.4.1-1); trixie: resolved (fixed in 2.4.1-1)
CVE-2024-31584 | MEDIUM | CVSS 5.5 | fixed in pytorch 2.4.1-1 (forky) | 2024
CVE-2024-31584 [MEDIUM]: pytorch - Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. Scope: local; bookworm: open; bullseye: resolved; forky: resolved (fixed in 2.4.1-1); sid: resolved (fixed in 2.4.1-1); trixie: resolved (fixed in 2.4.1-1)
CVE-2024-31580 | MEDIUM | CVSS 4.0 | fixed in pytorch 2.4.1-1 (forky) | 2024
CVE-2024-31580 [MEDIUM]: pytorch - PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. Scope: local; bookworm: open; bullseye: open; forky: resolved (fixed in 2.4.1-1); sid: resolved (fixed in 2.4.1-1); trixie: resolved (fixed in 2.4
CVE-2024-48063 | LOW | CVSS 9.8 | 2024
CVE-2024-48063 [CRITICAL]: pytorch - In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2022-45907 | CRITICAL | CVSS 9.8 | fixed in pytorch 1.13.1+dfsg-1 (bookworm) | 2022
CVE-2022-45907 [CRITICAL]: pytorch - In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. Scope: local; bookworm: resolved (fixed in 1.13.1+dfsg-1); bullseye: open; forky: resolved (fixed in 1.13.1+dfsg-1); sid: resolved (fixed in 1.13.1+dfsg-1); trixie: resolved (fixed in 1.13.1+dfsg-1)