These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-47750 is a HIGH severity vulnerability in stable-diffusion.cpp, a C/C++ library for running diffusion model inference. A heap buffer overflow occurs in the pickle .ckpt parser in src/model.cpp due to a missing validation when searching for newline-delimited fields. This allows an attacker to craft a malicious .ckpt file that can cause immediate heap corruption when loaded. The attack requires the [truncated]
CVE-2026-47747 is a high-severity vulnerability in stable-diffusion.cpp, a C/C++ library for running diffusion models. The vulnerability is caused by a heap buffer overflow in the pickle .ckpt parser in src/model.cpp, specifically in the BINUNICODE opcode handler. This issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived [truncated]
CVE-2026-47749 is a high-severity vulnerability in stable-diffusion.cpp, a C/C++ library for running diffusion model inference. The vulnerability is caused by a heap buffer overflow in the SHORT_BINUNICODE parsing for PyTorch checkpoint files. This issue was resolved in version master-584-0a7ae07. Affected applications loading untrusted .ckpt model files could be vulnerable to heap corruption, potentially [truncated]
CVE-2026-47748 is a MEDIUM severity vulnerability in stable-diffusion.cpp, a pure C/C++ library for running diffusion model inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt parser in src/model.cpp did not consistently check that enough input remained before reading opcode arguments or advancing [truncated]