PT-2026-55726 · Onnx · Onnx
M00Dy · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14647
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
onnx versions prior to 1.22.0
Description
A weakness in the onnxruntime component allows for a remote out-of-bounds read. This occurs within the convPoolShapeInference opset19() function located in the onnx/defs/nn/old.cc file.
Recommendations
Apply patch a7bf3a0f1d18bb62575236ef6e4944980c40e045 to resolve the issue.
As a temporary mitigation, restrict the use of the convPoolShapeInference opset19() function.
Exploit
Fix
Out of bounds Read
Buffer Overflow
Related Identifiers
Affected Products
Onnx