CNNVD-202511-2447 Information

CNNVD ID

CNNVD-202511-2447

Related CVE

CVE-2025-62608

• CNNVD Published: 2025-11-21

Description (Chinese)

MLX是ml-explore开源的一个机器学习框架。 MLX 0.29.4之前版本存在安全漏洞，该漏洞源于解析恶意NumPy文件时存在堆缓冲区溢出，可能导致崩溃或信息泄露。

Description (English)

MLX is a machine learning framework for the ml-explore open source. There was a security loophole in the previous version of MLX 0.29.4, which resulted from the spilling of a pile of buffer zones when the malicious NumPy document was solved, which could lead to a breakdown or a leak of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ml-explore

Published

2025-11-21

Last Modified

2026-02-24

References

https://github.com/ml-explore/mlx/security/advisories/GHSA-w6vg-jg77-2qg6 https://github.com/ml-explore/mlx/pull/2 https://github.com/ml-explore/mlx/pull/1 https://cxsecurity.com/issue/WLB-2026020032

Patch

https://github.com/ml-explore/mlx/releases