3 matches found
CVE-2024-23496
creationtimestamp| type| source ---|---|--- 2024-03-14 09:51:12+00:00| seen| https://t.me/ctinow/207576 2025-02-12 19:07:39+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/4115...
CVE-2024-23496
A heap-based buffer overflow vulnerability exists in the GGUF library gguffreadstr functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2024-23496
CVE-2024-23496 affects llama.cpp’s GGUF file parsing in the gguf_fread_str function. The root cause is an integer overflow when reading a string length p->n, leading to p->data = calloc(p->n + 1, 1) and a potentially undersized allocation. A heap-based buffer overflow can occur when the ...