AVID-2026-R1357
Description
DeepFaceLab Util.py deserialization (CVE-2024-0654)
Details
A vulnerability classified as problematic was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It affects an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. The attack requires local access. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability.
Reason for inclusion in AVID: CVE-2024-0654 describes a deserialization vulnerability in DeepFaceLab’s Util.py, enabling potential exploitation via crafted input with local access. This is a software vulnerability in an AI-related tool used in ML workflows (deepfake/AI model tooling), affecting an artifact within the AI software stack. The issue is in a component that can be used to build/run AI systems, not purely hardware/firmware. The report provides CVE details, CWE type (Deserialization), CVSS data, and public references, giving sufficient signal for AVID curation.
References
- NVD entry
- https://vuldb.com/?id.251382
- https://vuldb.com/?ctiid.251382
- https://github.com/bayuncao/vul-cve-4
- https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | DeepFaceLab |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
|---|---|
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Base Score | 5.3 |
| Base Severity | 🟠 Medium |
CWE
| ID | Description |
|---|---|
| CWE-502 | CWE-502 Deserialization |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-01-18
- Version: 0.3.3
- AVID Entry