CVE-2026-34760: Do Not Use Librosa Load

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | Python
greprules fetch cve-2026-34760-do-not-use-librosa-load --engine opengrep

Description

Calling `librosa.load()` poses a Denial of Service (DoS) risk in CUDA environments. When processing unsupported or malformed audio formats, `librosa` falls back to `audioread`, which spawns an `ffmpeg` subprocess. Subprocess forking unexpectedly breaks active CUDA contexts, leading to fatal worker crashes. Furthermore, `librosa` employs a discrepancy in mono
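
To locate call sites that can reach the `audioread`/`ffmpeg` fallback described above, the following added example (not the published rule and not code from `librosa`) walks a Python source file's AST and reports every call that resolves to `librosa.load`, including aliased imports. The function name `find_librosa_load` and the sample source are constructed for illustration.

```python
import ast

# Constructed sample source, not taken from any real project.
SAMPLE = '''\
import librosa as lr
from librosa import load as read_audio
import soundfile as sf

def embed(path):
    y, sr = lr.load(path, sr=16000)
    return y

def embed2(path):
    return read_audio(path)

def safe(path):
    return sf.read(path)

def unrelated(cfg):
    return cfg.load("x")
'''


def find_librosa_load(source):
    """Return sorted line numbers where librosa.load() is called.

    Covers `import librosa [as x]` and `from librosa import load [as x]`.
    Dynamic imports and re-exports through other modules are not resolved.
    """
    tree = ast.parse(source)
    modules, funcs = set(), set()  # local names bound to librosa / librosa.load
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names
                           if a.name == "librosa")
        elif isinstance(node, ast.ImportFrom) and node.module == "librosa":
            funcs.update(a.asname or a.name for a in node.names
                         if a.name == "load")
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in funcs:
            hits.append(node.lineno)
        elif (isinstance(f, ast.Attribute) and f.attr == "load"
              and isinstance(f.value, ast.Name) and f.value.id in modules):
            hits.append(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    print(find_librosa_load(SAMPLE))
```
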