1025 matches found
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...
akasha-terminal (>=0.8.0 <=0.8.23), coconut-ai (>=0.2.0 <=1.0.0) +7 more potentially affected by CVE-2024-34359 via llama-cpp-python (>=0.2.32 <=0.2.67)
llama-cpp-python PYPI version =0.2.32, =0.8.0, =0.2.0, =0.1.5, =0.0.1, =0.2.2, =0.0.7, =1.8.1.dev11, =0.0.20, =0.0.26 Source cves: CVE-2024-34359 Source advisory: OSV:GHSA-56XG-WFCC-G829...
CVE-2024-34359 llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...
CVE-2024-34359
CVE-2024-34359 affects llama-cpp-python (Python bindings for llama.cpp). The vulnerability arises when init loads a model’s chat template from the gguf metadata and constructs self.chat_handler via llama_chat_format.Jinja2ChatFormatter.to_chat_handler(), using a sandbox-less Jinja2 Environment. R...
PT-2024-25816
Name of the Vulnerable Software and Affected Versions llama-cpp-python affected versions not specified Description The issue is related to a Server Side Template Injection vulnerability in the llama-cpp-python package, which allows for remote code execution. This is due to the use of...
Fedora 40 : et (2024-b745c97f4b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b745c97f4b advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...
Fedora 39 : et (2024-94a155818c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-94a155818c advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...
lunasvg security vulnerability
LunaSVG is a standalone C SVG rendering library by the individual developer Samuel Ugochukwu. A security vulnerability exists in lunasvg version v2.3.9, which stems from a buffer overflow vulnerability in lunasvg/source/layoutcontext.cpp...
Fedora 40 : abseil-cpp (2024-bb70b21754)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-bb70b21754 advisory. Update to 20240116.2: fixes possible out-of-bounds string access as described in https://github.com/abseil/abseil-cpp/pull/1650. Tenable has extracted the...
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
...
thingvellir (>=0.0.0-alpha1 <=0.0.2-alpha2) potentially affected by CVE-2024-27284 via cassandra-cpp (=0.15.1)
cassandra-cpp CARGO version =0.15.1 is affected by a known vulnerability. The following packages have a transitive dependency on cassandra-cpp and may be impacted: - thingvellir =0.0.0-alpha1, =0.0.2-alpha2 Source cves: CVE-2024-27284 Source advisory: OSV:GHSA-X9XC-63HG-VCFQ...
Bento4 security vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 version v.1.6.0-641. A remote attacker can exploit this vulnerability to execute arbitrary code via Ap4MdhdAtom.cpp,AP4MdhdAtom::AP4MdhdAtom,mp4fragment...
CVE-2024-0051
In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Heap overflow
In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-0051
CVE-2024-0051 : The vulnerability is in onQueueFilled of SoftMPEG4.cpp, causing a possible out-of-bounds write due to a heap buffer overflow. The issue could lead to local elevation of privilege without requiring user interaction, as described across multiple sources (e.g., NVD/Red Hat CNVD/CVE l...
Fedora: Security Advisory (FEDORA-2024-56fbd2cbfa)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...