7 matches found
CVE-2025-49847 llama.cpp Vulnerable to Buffer Overflow via Malicious GGUF Model
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...
PT-2025-25757 · Llama.Cpp · Llama.Cpp
Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b5662 Description: The issue is related to a buffer overflow in the vocabulary-loading code of llama.cpp. An attacker-supplied GGUF model vocabulary can trigger this overflow. Specifically, the helper function toke...
SUSE CVE-2024-12055
A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an...
SUSE CVE-2025-0312
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network...
SUSE CVE-2025-0315
A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack...
CVE-2025-0313
CVE-2025-0313 is a duplicate of CVE-2024-12055 (rejected entry in NVD). Connected sources describe the underlying issue in Ollama <= 0.3.14: an out-of-bounds read in gguf.go that allows a malicious user to craft a GGUF model file uploaded to the public Ollama server, causing a crash and Denial ...
CVE-2025-0313
...