Lucene search
K

190 matches found

Github Security Blog
Github Security Blog
added 2026/06/10 5:11 p.m.9 views

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors

Summary vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an...

6.5CVSS5.6AI score0.00146EPSS
Exploits0References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/06/08 12:0 a.m.14 views

VulnCheck KEV: CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS6.8AI score0.01001EPSS
In wildExploits3References3
The Hacker News
The Hacker News
added 2026/05/10 12:41 p.m.18 views

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as...

9.1CVSS6.9AI score0.01001EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/05/07 4:35 p.m.116 views

Exploit for CVE-2026-7482

CVE-2026-7482: Ollama GGUF Heap OOB Read Reproduction This re...

9.1CVSS5.8AI score0.01001EPSS
Exploits3
CNVD
CNVD
added 2026/05/06 12:0 a.m.12 views

Ollama GGUF Model Loader Heap Out-of-Bounds Read Vulnerability

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

9.1CVSS5.8AI score0.01001EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/05/05 7:55 p.m.155 views

Exploit for CVE-2026-7482

CVE-2026-7482: Ollama Heap Out-of-Bounds Read 1-Day PoC Thi...

9.1CVSS5.8AI score0.01001EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2026/05/05 1:48 a.m.7 views

SUSE CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.01001EPSS
Exploits3References3
OSV
OSV
added 2026/05/04 3:31 p.m.4 views

GHSA-X8QC-FGGM-MPQG Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.01001EPSS
Exploits3References5
Snyk
Snyk
added 2026/05/04 2:28 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the GGUF model loader. An attacker can access sensitive server memory contents, including environment variables, API keys, system prompts, and concurrent users' conversation data, by submitting a specially crafted...

9.1CVSS6AI score0.01001EPSS
Exploits3References2
Snyk
Snyk
added 2026/05/04 2:28 p.m.6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the GGUF model loader. An attacker can access sensitive server memory contents, including environment variables, API keys, system prompts, and concurrent users' conversation data, by submitting a specially crafted...

9.1CVSS6AI score0.01001EPSS
Exploits3References2
NVD
NVD
added 2026/05/04 1:16 p.m.5 views

CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS0.01001EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/05/04 12:38 p.m.7 views

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS5.8AI score0.01001EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/05/04 12:38 p.m.27 views

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS0.01001EPSS
Exploits3References3
AlpineLinux
AlpineLinux
added 2026/05/04 12:38 p.m.7 views

CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS6AI score0.01001EPSS
Exploits3References3
CVE
CVE
added 2026/05/04 12:38 p.m.36 views

CVE-2026-7482

Ollama CVE-2026-7482 is a heap out-of-bounds read in the GGUF model loader affecting the /api/create path, where an attacker-supplied GGUF file can declare tensor offsets/sizes that exceed the file, causing reads past the allocated heap in fs/ggml/gguf.go and server/quantization.go (WriteTo()). L...

9.1CVSS5.8AI score0.01001EPSS
In wildExploits3References3Affected Software1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

Ollama 缓冲区错误漏洞

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

9.1CVSS6AI score0.01001EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34454

Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description An out-of-bounds memory read and write issue exists in the GGUF GPT-Generated Unified Format quantization engine. This occurs because the engine lacks proper bounds checking and trusts tensor...

7.5CVSS6.6AI score0.00551EPSS
Exploits1References18
CERT
CERT
added 2026/04/22 12:0 a.m.18 views

Ollama GGUF Quantization Remote Memory Leak

Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...

7.5CVSS6AI score0.00551EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/04/20 5:14 p.m.9 views

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760 , carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection...

9.8CVSS6.9AI score0.2842EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to...

7.8CVSS6AI score0.00477EPSS
Exploits1References2
Rows per page
Query Builder