Heap-based buffer overflow in onnx - #VU136855
Published: July 3, 2026
onnx
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information or cause a denial of service.
The vulnerability exists due to a heap-based buffer overflow in Gemm_7_6::adapt_gemm_7_6() when processing a crafted model during version conversion. A remote attacker can trick the victim into processing a specially crafted model to disclose sensitive information or cause a denial of service.
User interaction is required: the victim must process the crafted model through onnx.version_converter.convert_version(model, 6), i.e., the overflow is triggered during an opset downgrade from 7 to 6.