CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

CVE-2026-34159

The CVE-2026-34159 entry for llama.cpp describes an unauthenticated RCE via the RPC backend: prior to v.b8492, deserialize_tensor() omits bounds validation when tensor.buffer == 0, enabling an attacker to read/write arbitrary process memory through crafted GRAPH_COMPUTE messages. Combined with AL...

llama.cpp 缓冲区错误漏洞

Llama.cpp is a multimodal model developed by Georgi Gerganov. Prior versions of llama.cpp b8492 contained a buffer error vulnerability. This vulnerability stemmed from the deserializetensor function in the RPC backend, which skipped all boundary verifications when the buffer field of the tensor w...

SUSE CVE-2026-33298

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...

UBUNTU-CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

LLM Security and Safety: Insights from Homotopy-Inspired Prompt Obfuscation

In this study, we propose a homotopy-inspired prompt obfuscation framework to enhance understanding of security and safety vulnerabilities in Large Language Models LLMs. By systematically applying carefully engineered prompts, we demonstrate how latent model behaviors can be influenced in...

CVE-2026-21869

A flaw was found in llama.cpp. A remote attacker can exploit an input validation vulnerability in the server's completion endpoints. By supplying a negative value for the ndiscard parameter in JSON input, an attacker can cause out-of-bounds memory writes. This can lead to a process crash or enabl...

llama.cpp 缓冲区错误漏洞

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A buffer error vulnerability exists in llama.cpp 55d4206c8 and earlier versions, which stems from an unvalidated non-negative value of the ndiscard parameter, which can lead to out-of-bounds memory writes and remote code...

CVE-2026-21869 llama.cpp has Out-of-bounds Write in llama-server

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...

Low Rank Comes with Low Security: Gradient Assembly Poisoning Attacks against Distributed LoRA-Based LLM Systems

Low-Rank Adaptation LoRA has become a popular solution for fine-tuning large language models LLMs in federated settings, dramatically reducing update costs by introducing trainable low-rank matrices. However, when integrated with frameworks like FedIT, LoRA introduces a critical vulnerability:...

Llama-Based Source Code Vulnerability Detection: Prompt Engineering Vs Fine Tuning

The significant increase in software production, driven by the acceleration of development cycles over the past two decades, has led to a steady rise in software vulnerabilities, as shown by statistics published yearly by the CVE program. The automation of the source code vulnerability detection...

SUSE CVE-2025-53630

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the ggufinitfromfileimpl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...

CVE-2024-34359

llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...

Private LoRA Fine-Tuning of Open-Source LLMs with Homomorphic Encryption

Preserving data confidentiality during the fine-tuning of open-source Large Language Models LLMs is crucial for sensitive applications. This work introduces an interactive protocol adapting the Low-Rank Adaptation LoRA technique for private fine-tuning. Homomorphic Encryption HE protects the...

[SECURITY] Fedora 42 Update: llama-cpp-b4094-11.fc42

The main goal of llama.cpp is to run the LLaMA model using 4-bit integer quantization on a MacBook Plain C/C++ implementation without dependencies Apple silicon first-class citizen - optimized via ARM NEON, Accelerate and Metal frameworks AVX, AVX2 and AVX512 support for x86 architectures Mixed F...

[SECURITY] Fedora 40 Update: llama-cpp-b3561-1.fc40

The main goal of llama.cpp is to run the LLaMA model using 4-bit integer quantization on a MacBook Plain C/C++ implementation without dependencies Apple silicon first-class citizen - optimized via ARM NEON, Accelerate and Metal frameworks AVX, AVX2 and AVX512 support for x86 architectures Mixed F...

Llama.cpp 安全漏洞

llama.cpp is a LLaMA model for inferring Meta in pure C/C++. A security vulnerability exists in Llama.cpp, which stems from an exploit of an uninitialized heap variable vulnerability in ggufinitfromfile...

llama.cpp Input Validation Error Vulnerability

llama.cpp is a multimodal model by Georgi Gerganov Personal Developer. An input validation error vulnerability exists in llama.cpp, which stems from a specially crafted .gguf file that could lead to code execution...

llama.cpp Input Validation Error Vulnerability

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. An input validation error vulnerability exists in versions of llama.cpp prior to 18c2e17, which stems from a heap-based buffer overflow vulnerability in the header.nkv function in GGUF, where a specially crafted .gguf fi...