{"id":"PYSEC-2024-250","details":"PyTorch before v2.2.0 has an out-of-bounds read vulnerability in the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.","aliases":["BIT-pytorch-2024-31584","CVE-2024-31584"],"modified":"2025-06-04T15:44:21.220334Z","published":"2024-04-19T21:15:08Z","references":[{"type":"FIX","url":"https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6"},{"type":"WEB","url":"https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305"}],"affected":[{"package":{"name":"torch","ecosystem":"PyPI","purl":"pkg:pypi/torch"},"ranges":[{"type":"GIT","repo":"https://github.com/pytorch/pytorch","events":[{"introduced":"0"},{"fixed":"7c35874ad664e74c8e4252d67521f3986eadb0e6"},{"fixed":"7c35874ad664e74c8e4252d67521f3986eadb0e6"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0"}]}],"versions":["1.0.0","1.0.1","1.1.0","1.10.0","1.10.1","1.10.2","1.11.0","1.12.0","1.12.1","1.13.0","1.13.1","1.2.0","1.3.0","1.3.1","1.4.0","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.8.1","1.9.0","1.9.1","2.0.0","2.0.1","2.1.0","2.1.1","2.1.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2024-250.yaml"}}],"schema_version":"1.7.3"}