109 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-34159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor'...
EUVD-2026-17975
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...
PT-2026-29570
Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to b8492 Description A logic bug in the RPC backend's deserialize tensor function allows an unauthenticated attacker to read and write arbitrary process memory. This occurs because bounds validation is skipped when a...
Linux Distros Unpatched Vulnerability : CVE-2026-33298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to...
Linux Distros Unpatched Vulnerability : CVE-2026-27940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to ...
CVE-2026-27940 llama.cpp has a Heap Buffer Overflow via Integer Overflow in `mem_size` Calculation — Bypass of CVE-2025-53630 Fix
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...
llama.cpp 输入验证错误漏洞
Llama.cpp is a multimodal model developed by Georgi Gerganov. Prior versions of llama.cpp b8146 contained an input validation vulnerability; this vulnerability stemmed from an integer overflow in the ggufinitfromfileimpl function, which could lead to writing outside the buffer boundaries...
PT-2026-24951
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf init from file impl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. Thi...
PT-2026-6804
Name of the Vulnerable Software and Affected Versions ggml-org llama.cpp versions prior to 55abc39 Description A flaw exists in the GBNF Grammar Handler component of ggml-org llama.cpp. Specifically, the llama grammar advance stack function within the llama.cpp/src/llama-grammar.cpp file is...
llama.cpp 安全漏洞
Llama.cpp is a multimodal model developed by Georgi Gerganov. Versions of Llama.cpp with the version number 55abc39 and earlier contain security vulnerabilities, which stem from a stack buffer overflow in the GBNF syntax processor...
CVE-2026-21869 llama.cpp has Out-of-bounds Write in llama-server
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
CVE-2026-21869
CVE-2026-21869 affects llama.cpp prior to commit 55d4206c9, where the server’s completion endpoints parse the non‑negative constraint for the JSON input parameter n_discard without validation. A negative n_discard can cause a reversed range/offset in llama_memory_seq_rm/add, leading to out‑of‑bou...
PT-2026-2109
Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to commit 55d4206c9 Description llama.cpp is an inference engine for several Large Language Models LLMs implemented in C/C++. The software parses the n discard parameter directly from JSON input in its completion...
OESA-2025-2373 llama.cpp security update
Security Fixes: llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size compariso...
OESA-2025-2372 llama.cpp security update
Security Fixes: llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size compariso...
EUVD-2024-21099
Malicious code in bioql PyPI...
EUVD-2024-19448
Malicious code in bioql PyPI...
EUVD-2024-39637
Malicious code in bioql PyPI...
EUVD-2024-30655
Malicious code in bioql PyPI...
EUVD-2024-19437
Malicious code in bioql PyPI...