VulnerableCode Package Details - pkg:deb/debian/pytorch@1.7.1-7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/pytorch@1.7.1-7

Essentials
History (6)

purl	pkg:deb/debian/pytorch@1.7.1-7

Next non-vulnerable version	2.12.0+dfsg2-3
Latest non-vulnerable version	2.12.0+dfsg2-3
Risk

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-1fx4-95p5-6kgv Aliases: CVE-2022-45907 GHSA-47fc-vmwq-366v PYSEC-2022-43015	In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.	1.13.1+dfsg-4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-69gt-qhaf-63gv Aliases: CVE-2024-31583 GHSA-pg7h-5qx3-wjr3 PYSEC-2024-251	Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.	2.6.0+dfsg-7 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8u6v-jzkr-nkb4 Aliases: CVE-2025-46152 PYSEC-2025-201	In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.	2.12.0+dfsg2-3 Affected by 0 other vulnerabilities.
VCID-cwfe-teus-ykbj Aliases: CVE-2025-3730 GHSA-887c-mr87-cxwp	PyTorch Improper Resource Shutdown or Release vulnerability A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue.	2.12.0+dfsg2-3 Affected by 0 other vulnerabilities.
VCID-jqpq-n5zb-2ydh Aliases: CVE-2025-55552 PYSEC-2025-204	pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.	2.12.0+dfsg2-3 Affected by 0 other vulnerabilities.
VCID-x8ck-txve-s7gy Aliases: CVE-2025-55557 PYSEC-2025-207	A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).	2.12.0+dfsg2-3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T19:59:48.316260+00:00	Debian Importer	Affected by	VCID-69gt-qhaf-63gv	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:58:37.098710+00:00	Debian Importer	Affected by	VCID-cwfe-teus-ykbj	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:49:02.556530+00:00	Debian Importer	Affected by	VCID-8u6v-jzkr-nkb4	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:48:59.328711+00:00	Debian Importer	Affected by	VCID-x8ck-txve-s7gy	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:46:31.013003+00:00	Debian Importer	Affected by	VCID-1fx4-95p5-6kgv	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:41:36.061661+00:00	Debian Importer	Affected by	VCID-jqpq-n5zb-2ydh	https://security-tracker.debian.org/tracker/data/json	38.6.0