49 matches found
CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...
CVE-2026-34159
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...
CVE-2026-34159
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...
UBUNTU-CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
CVE-2026-33298 llama.cpp has a Heap Buffer Overflow via Integer Overflow in GGUF Tensor Parsing
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
CVE-2026-33298
Summary (CVE-2026-33298) : llama.cpp (C/C++) contains an integer overflow in the ggml_nbytes function during GGUF tensor parsing, allowing an attacker to bypass memory validation by crafting tensor dimensions. This can cause ggml_nbytes to report a far too small size (examples cite 4 MB vs exabyt...
SUSE CVE-2026-2069
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llamagrammaradvancestack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploi...
DEBIAN-CVE-2026-27940
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...
CVE-2026-27940 llama.cpp has a Heap Buffer Overflow via Integer Overflow in `mem_size` Calculation — Bypass of CVE-2025-53630 Fix
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...
CVE-2026-28400
Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...
CVE-2026-28400
Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...
CVE-2026-2069
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llamagrammaradvancestack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploi...
CVE-2026-2069
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llamagrammaradvancestack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploi...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the ndiscard parameter in the server's completion endpoints. An attacker can cause memory corruption, process crashes, or potentially execute arbitrary code by supplying a negative value that leads to out-of-boun...
Linux Distros Unpatched Vulnerability : CVE-2025-52566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer...
Linux Distros Unpatched Vulnerability : CVE-2025-49847
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attackersupplied GGUF model vocabulary can trigger a buffer overflow in...
EUVD-2024-44465
Malicious code in bioql PyPI...
EUVD-2024-39638
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-53630
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the ggufinitfromfileimpl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...