Security Advisory

CVE-2025-62608

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-21 18:56:03

Last updated 2025-11-21 19:10:00

Assigner GitHub_M

State PUBLISHED

Description

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue has been patched in version 0.29.4.

← Browse all CVEs View on cve.org ↗