CVE-2024-27763

MEDIUM

XPixelGroup BasicSR <=1.4.2 - Code Injection

Title source: llm

Description

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.

References (2)

Core 2

Core References

Various Sources

https://gist.github.com/aydinnyunus/40e1d8a3b529261ae654ff4891f1e192

Various Sources

https://github.com/XPixelGroup/BasicSR/blob/master/basicsr/utils/dist_util.py#L44

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

pypi/basicsr 0PyPI

Published Mar 12, 2025

Tracked Since Feb 18, 2026