CosyVoice Insecure Deserialization Vulnerability Allowing Arbitrary Code Execution
Vulnerability
An insecure deserialization vulnerability has been identified in CosyVoice, in the data processing tool 'make_parquet_list.py'. The script loads PyTorch .pt files with 'torch.load()' without the 'weights_only=True' security parameter, so the underlying pickle module can reconstruct arbitrary Python objects from the file. An attacker could exploit this by placing malicious .pt files in a data directory: when the directory is processed with the tool, arbitrary code is executed on the victim's system.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the system processing the malicious .pt files.
Reproduction
To reproduce this vulnerability, place a malicious .pt file that exploits the insecure deserialization into a data directory. Then use the CosyVoice 'make_parquet_list.py' tool to process the directory. Because 'torch.load()' is called without the 'weights_only=True' parameter, the malicious payload is deserialized, resulting in arbitrary code execution.
