#CVE202434359

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

by

May 21, 2024 at 07:09AM A critical security flaw in the llama_cpp_python Python package (CVE-2024-34359, codenamed Llama Drama) allows threat actors to execute arbitrary code, posing a risk to data and operations. Another high-severity flaw in Mozilla’s PDF.js library permits JavaScript execution in the PDF.js context. Both issues have been addressed in recent software updates. … Read more

Critical Flaw in AI Python Package Can Lead to System and Data Compromise

by

May 17, 2024 at 09:57AM A critical vulnerability, tracked as CVE-2024-34359 and named Llama Drama, was discovered in a Python package used by AI developers. The flaw allows for arbitrary code execution, posing a risk to systems and data. Cybersecurity firm Checkpoint detailed the issue, and a patch has been released with llama_cpp_python 0.2.72. More … Read more