Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287
Created onnx tracking bugs for this issue: Affects: fedora-all [bug 2265740]