Pytorch is vulnerable to an Out-of-bounds Read. The vulnerability is caused due to a missing validation for mobile_ivalue_size_
variable for a value greater than ivalues->size()
in function FlatbufferLoader::parseModule
within torch/csrc/jit/mobile/flatbuffer_loader.cpp
. This introduces potential for memory corruption when parsing the mobile_bytecode
Module.