


Perceptive Security
SOC/SIEM Consultancy

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker …
Published:
26 January 2026 at 23:00:00
Alert date:
27 January 2026 at 23:04:33
Source:
nvd.nist.gov
Supply Chain & Dependencies, Emerging Technologies
A vulnerability in PyTorch's `weights_only` unpickler allows attackers to craft malicious checkpoint files (`.pth`) that can corrupt memory and potentially lead to arbitrary code execution when loaded with `torch.load(..., weights_only=True)`. The vulnerability affects PyTorch versions prior to 2.10.0 and has been fixed in PyTorch version 2.10.0. This represents a significant security risk for machine learning applications that use PyTorch for model loading.
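One way to act on the affected-version statement above, as an added example that is not part of the original alert or of PyTorch: a Python audit of requirements-style files for `torch` pins below 2.10.0. The function names and the sample input are constructed for illustration; only the first version specifier on a line is evaluated, and anything ambiguous is sent to manual review.

```python
import re

FIXED = (2, 10, 0)  # first fixed PyTorch release named in the alert
# Bare "torch" name, optional extras, first specifier; group 3 = wildcard/pre-release suffix
REQ_RE = re.compile(
    r"^\s*torch(?![\w.-])(?:\s*\[[^\]]*\])?\s*"
    r"(?:(==|~=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)(\.\*|\.?(?:a|b|rc|dev)\d*)?)?",
    re.IGNORECASE,
)

def release(text):
    parts = [int(p) for p in text.split(".")][:3]  # '2.9' -> (2, 9, 0)
    return tuple(parts + [0] * (3 - len(parts)))

def classify(line):
    """Return 'vulnerable', 'ok', 'review', or None if the line is not a torch requirement."""
    line = line.split("#", 1)[0].split(";", 1)[0]  # drop comments and env markers
    m = REQ_RE.match(line)
    if not m:
        return None
    op, ver, loose = m.groups()
    if op is None or loose:
        return "review"  # unpinned, wildcard or pre-release: check by hand
    v = release(ver)
    if op == "==":
        return "vulnerable" if v < FIXED else "ok"
    if op in (">=", ">", "~="):
        return "ok" if v >= FIXED else "review"
    # '<' / '<=': vulnerable when every admitted version is below the fix
    if (op == "<" and v <= FIXED) or (op == "<=" and v < FIXED):
        return "vulnerable"
    return "review"

def audit(text):
    """Return (line number, requirement, verdict) for each torch line in a requirements file."""
    rows = ((n, raw.strip(), classify(raw)) for n, raw in enumerate(text.splitlines(), 1))
    return [row for row in rows if row[2]]

# Constructed sample input, not taken from any real project
SAMPLE = """\
numpy==1.26.4
torch==2.9.1+cu121
torchvision==0.24.1
torch>=2.10.0  # patched floor
torch
"""
if __name__ == "__main__":
    for n, req, verdict in audit(SAMPLE):
        print(f"line {n}: {verdict:<10} {req}")
```

A "review" verdict means the line does not by itself decide which version gets installed, so the resolved version in the lock file or the running environment still has to be compared against 2.10.0.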
Technical details
Mitigation steps:
Affected products:
PyTorch
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-24747
https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139
https://github.com/pytorch/pytorch/issues/163105
https://github.com/pytorch/pytorch/releases/tag/v2.10.0
https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
