Lucene search
K

26 matches found

CERT
CERT
added 2026/04/22 12:0 a.m.18 views

Ollama GGUF Quantization Remote Memory Leak

Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...

7.5CVSS6AI score0.00551EPSS
Exploits1
Snyk
Snyk
added 2026/03/24 2:32 a.m.1 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the ggmlnbytes function. An attacker can achieve memory corruption and potentially execute arbitrary code by supplying a specially crafted GGUF file with manipulated tensor dimensions that trigger an intege...

8.5CVSS6.3AI score0.00477EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:1 a.m.5 views

CVE-2026-33298

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...

7.8CVSS6.1AI score0.00477EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/24 12:1 a.m.6 views

EUVD-2026-14668

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...

7.8CVSS6.1AI score0.00477EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/12 4:39 p.m.28 views

CVE-2026-27940 llama.cpp has a Heap Buffer Overflow via Integer Overflow in `mem_size` Calculation — Bypass of CVE-2025-53630 Fix

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

7.8CVSS0.00177EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 4:39 p.m.48 views

CVE-2026-27940

Summary of CVE-2026-27940 : The llama.cpp component has a vulnerability in gguf_init_from_file_impl() within gguf.cpp where an integer overflow leads to an undersized heap allocation. This enables a subsequent fread() to write 528+ bytes of attacker-controlled data past the buffer boundary, const...

7.8CVSS6AI score0.00177EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.3 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

8.2CVSS7AI score0.02479EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 7:45 a.m.6 views

Denial Of Service (DoS)

mlx is vulnerable to Denial of Service DoS. The vulnerability is due to dereferencing an untrusted pointer from the external gguflib library in mlx::core::loadgguf without proper validation, allowing a malicious GGUF file to trigger a segmentation fault and crash the application...

7.5CVSS5.8AI score0.00328EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/11/21 6:57 p.m.23 views

CVE-2025-62609

MLX (on Apple silicon) prior to version 0.29.4 is affected by a wild pointer dereference in mlx::core::load_gguf() when loading malicious GGUF files, dereferencing an untrusted pointer from gguflib without validation and causing a crash. The issue stems from loading external GGUF data and manifes...

7.5CVSS6.2AI score0.00328EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7036

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00822EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 11:3 a.m.7 views

CVE-2024-21802

A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.4AI score0.01375EPSS
Exploits1References1
Veracode
Veracode
added 2024/11/13 11:52 a.m.9 views

Out-of-bounds Read

Ollama is vulnerable to Out-of-bounds Read. The vulnerability is due to the ability to upload a malformed GGUF file containing only 4 bytes with a custom magic header. By using a custom Modelfile with a FROM statement pointing to an attacker-controlled blob, the attacker can cause a segmentation...

8.2CVSS6.7AI score0.02479EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/10/31 8:15 p.m.27 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

8.2CVSS0.02479EPSS
Exploits1References2
OSV
OSV
added 2024/10/31 8:15 p.m.12 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

8.2CVSS8.2AI score
Exploits0References2
Cvelist
Cvelist
added 2024/10/31 12:0 a.m.25 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

0.02479EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.7 views

Llama.cpp 安全漏洞

llama.cpp is a LLaMA model for inferring Meta in pure C/C++. A security vulnerability exists in Llama.cpp, which stems from an exploit of an uninitialized heap variable vulnerability in ggufinitfromfile...

8.8CVSS6.8AI score0.00696EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/02/26 4:7 p.m.6 views

CVE-2024-23605

A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.6AI score0.01349EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.8 views

PT-2024-1984 · Unknown · Gguf Library

Name of the Vulnerable Software and Affected Versions: GGUF library affected versions not specified Description: A heap-based buffer overflow vulnerability exists in the GGUF library's GGUF TYPE ARRAY/GGUF TYPE STRING parsing functionality of llama.cpp. This issue is related to integer overflow...

9.8CVSS9.2AI score0.01349EPSS
Exploits1References8
Talos
Talos
added 2024/02/26 12:0 a.m.34 views

llama.cpp GGUF library header.n_kv heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1916 llama.cpp GGUF library header.nkv heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-23605 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A...

9.8CVSS8.8AI score0.01349EPSS
Exploits1
Talos
Talos
added 2024/02/26 12:0 a.m.39 views

llama.cpp GGUF library info->ne heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1914 llama.cpp GGUF library info-ne heap-based buffer overflow vulnerability February 26, 2024 CVE Number CVE-2024-21802 SUMMARY A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A special...

9.8CVSS8.7AI score0.01375EPSS
Exploits1
Rows per page
Query Builder