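PyTorch before v2.2.0 has an out-of-bounds read vulnerability (CVE-2024-31584) in torch/csrc/jit/mobile/flatbuffer_loader.cpp. The Vanir signatures below list upstream commit 7c35874ad664e74c8e4252d67521f3986eadb0e6 as their source and target that file, including the function FlatbufferLoader::parseModule. A signature match means the scanned code still resembles the pre-fix version and should be checked against that commit.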
{ "vanir_signatures": [ { "target": { "file": "torch/csrc/jit/mobile/flatbuffer_loader.cpp" }, "id": "CVE-2024-31584-0d83c28f", "source": "https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6", "digest": { "line_hashes": [ "73924839185676104863459105402130033064", "12116427904939260286894645868788306222", "324318308147286460958469659025962953122", "2248410013577482140896826655308268437" ], "threshold": 0.9 }, "signature_version": "v1", "deprecated": false, "signature_type": "Line" }, { "target": { "file": "torch/csrc/jit/mobile/flatbuffer_loader.cpp", "function": "FlatbufferLoader::parseModule" }, "id": "CVE-2024-31584-217d6031", "source": "https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6", "digest": { "length": 1514.0, "function_hash": "55576803198432511994628715333552249560" }, "signature_version": "v1", "deprecated": false, "signature_type": "Function" } ] }