Well, that's a really broad question in itself. It is possible in the future some vulnerability will exist in the framework, a security researcher just hasn't discovered it yet. If you're referring to a framework written in C/C++, then yes a buffer overflow is possible. Hopefully though, modern day protections such as ASLR, CFG, CFI, etc. protect you. I'll refer you to an old classic <a href="http://insecure.org/stf/smashstack.html" rel="nofollow">http://insecure.org/stf/smashstack.html</a>, however it is very hard to do this attack today. Modern compilers are pretty good at preventing developers from shooting themselves. <3 clang's memory sanitizer.<p>Arbitrary execution is more possible IMO. The way a lot of ML models are stored is by being a serialized file using a framework like pickle or Java's serialization. Theoretically, you could add code into a precompiled model that when someone loads would execute arbitrary code. This could be done using a simple technique like a code cave seen here <a href="https://en.wikipedia.org/wiki/Code_cave" rel="nofollow">https://en.wikipedia.org/wiki/Code_cave</a>. I haven't had time to dig into this myself, but I honestly don't think it would be hard.<p>I think in the next couple years you will see more vulnerabilities pop up in these frameworks, but finding security vulnerabilities take time.
There is a new different kind of attacks, i.e. fooling it to recognize things as something they aren't:<p><a href="https://media.ccc.de/v/34c3-8860-deep_learning_blindspots" rel="nofollow">https://media.ccc.de/v/34c3-8860-deep_learning_blindspots</a><p><a href="https://medium.com/@ageitgey/machine-learning-is-fun-part-8-how-to-intentionally-trick-neural-networks-b55da32b7196" rel="nofollow">https://medium.com/@ageitgey/machine-learning-is-fun-part-8-...</a>
I don't know if this counts, since your question is rather vague, but I wrote an article a while back about how Torch creates certain vulnerabilities on local systems: <a href="https://joshumax.github.io/general/2017/06/08/how-torch-broke-ls.html" rel="nofollow">https://joshumax.github.io/general/2017/06/08/how-torch-brok...</a>