VYPR
Moderate severityNVD Advisory· Published Nov 21, 2025· Updated Nov 21, 2025

MLX has Wild Pointer Dereference in load_gguf()

CVE-2025-62609

Description

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This issue has been patched in version 0.29.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mlxPyPI
< 0.29.40.29.4

Affected products

2
  • ghsa-coords
    Range: < 0.29.4
  • ml-explore/mlxv5
    Range: < 0.29.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.