Exploit for CVE-2026-7482

CVE-2026-7482: Ollama GGUF Heap OOB Read Reproduction This re...

CVE-2026-33298

A flaw was found in llama.cpp. A remote attacker could exploit an integer overflow vulnerability in the ggmlnbytes function by crafting a malicious GGUF GGML Universal Format file with specific tensor dimensions. This flaw causes the ggmlnbytes function to return an incorrect size, leading to a...

PYSEC-2025-139

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...

CVE-2025-62609 MLX has Wild Pointer Dereference in load_gguf()

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This iss...

MLX has Wild Pointer Dereference in load_gguf()

Summary Segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...

GHSA-J842-XGM4-WF88 MLX has Wild Pointer Dereference in load_gguf()

Summary Segmentation fault in mlx::core::loadgguf when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 Vulnerability Location: mlx/io/gguf.cp...

CVE-2024-4897

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

CVE-2024-4897

The CVE-2024-4897 entry affects parisneo/lollms-webui via an insecure dependency on llama-cpp-python (llama_cpp_python-0.2.61+cpuavx2-...), with exploitation possible through the bindings_zoo feature when processing gguf model files. Connected Red Hat CVE-2024-34359 documents explain that the roo...

CVE-2024-4897 Remote Code Execution in parisneo/lollms-webui

parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llamacpppython-0.2.61+cpuavx2-cp311-cp311-manylinux231x8664. The vulnerability arises from the application's 'bindingzoo' feature, which allows attackers ...

llama.cpp Input Validation Error Vulnerability

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. An input validation error vulnerability exists in versions of llama.cpp prior to 18c2e17, which stems from a heap-based buffer overflow vulnerability in the header.nkv function in GGUF, where a specially crafted .gguf fi...