Vulnerability Details : CVE-2023-6656
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Products affected by CVE-2023-6656
- cpe:2.3:a:iperov:deepfacelab:df.wf.288res.384.92.72.22:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6656
- 0.15%: probability of exploitation activity in the next 30 days
- ~51%: percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2023-6656
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | VulDB | |
5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.6 | 3.4 | VulDB | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST | |
CWE ids for CVE-2023-6656
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-6656
- https://github.com/bayuncao/vul-cve-1
  GitHub - bayuncao/vul-cve-1: DeepFaceLab is at risk of command injection vulnerability (Broken Link)
- https://vuldb.com/?id.247364
  CVE-2023-6656: DeepFaceLab DFLJPG.py deserialization (Third Party Advisory)
- https://vuldb.com/?ctiid.247364
  CVE-2023-6656: DeepFaceLab DFLJPG.py deserialization (Permissions Required)