
14 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-30655

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.00269
Exploits 0 · References 2
Positive Technologies
added 2025/07/10 12:0 a.m. · 0 views

PT-2025-29152

Name of the Vulnerable Software and Affected Versions: llama.cpp (affected versions not specified)
Description: An integer overflow in the gguf_init_from_file_impl function within ggml/src/gguf.cpp can lead to a Heap Out-of-Bounds Read/Write.
Recommendations: Update to a version containing commit...

CVSS 9.3 · AI score 5.8 · EPSS 0.00385
Exploits 0 · References 14
NVD
added 2025/06/17 8:15 p.m. · 3 views

CVE-2025-49847

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece casts a ve...

CVSS 8.8 · EPSS 0.00613
Exploits 0 · References 2
CNNVD
added 2025/06/17 12:0 a.m. · 1 views

llama.cpp Security Vulnerability

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A security vulnerability exists in versions of llama.cpp prior to b5662, which stems from a buffer overflow that may be triggered by the GGUF model vocabulary, potentially leading to memory corruption and execution of...

CVSS 8.8 · AI score 7.2 · EPSS 0.00613
Exploits 0 · References 4
Positive Technologies
added 2025/06/17 12:0 a.m. · 2 views

PT-2025-25757 · Llama.Cpp

Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b5662
Description: The issue is related to a buffer overflow in the vocabulary-loading code of llama.cpp. An attacker-supplied GGUF model vocabulary can trigger this overflow. Specifically, the helper function toke...

CVSS 8.8 · AI score 7.2 · EPSS 0.00613
Exploits 0 · References 9
RedhatCVE
added 2025/02/05 7:14 a.m. · 4 views

CVE-2024-23496

A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 · AI score 7.6 · EPSS 0.00182
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 6:55 a.m. · 3 views

CVE-2024-32878

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file; the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...

CVSS 8.8 · AI score 7.7 · EPSS 0.00269
Exploits 0 · References 1
CNVD
added 2024/08/20 12:0 a.m. · 5 views

llama.cpp Remote Code Execution Vulnerability

llama.cpp is a multimodal model. A remote code execution vulnerability exists in llama.cpp, which originates in the data pointer in the rpc_tensor structure, and can be exploited by an attacker to cause an arbitrary address to be written...

CVSS 10 · AI score 7.6 · EPSS 0.05678
Exploits 1 · References 1
CNVD
added 2024/08/20 12:0 a.m. · 8 views

llama.cpp Global Buffer Overflow Vulnerability

llama.cpp is a multimodal model. A global buffer overflow vulnerability exists in llama.cpp, which can be exploited by an attacker to cause a memory data leak...

CVSS 7.5 · AI score 7 · EPSS 0.00271
Exploits 0 · References 1
Debian CVE
added 2024/08/12 3:7 p.m. · 4 views

CVE-2024-42479

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address writing. This vulnerability is fixed in b3561...

CVSS 10 · AI score 5.4 · EPSS 0.05678
Exploits 1
CNVD
added 2024/07/26 12:0 a.m. · 3 views

llama.cpp Denial of Service Vulnerability

llama.cpp is a multimodal model. A denial of service vulnerability exists in llama.cpp that stems from the inclusion of a null pointer dereference in gguf_init_from_file. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 6.5 · AI score 6.6 · EPSS 0.00098
Exploits 0 · References 1
Debian CVE
added 2024/07/22 5:28 p.m. · 11 views

CVE-2024-41130

llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427...

CVSS 6.5 · AI score 5.3 · EPSS 0.00098
Exploits 0
Debian CVE
added 2024/04/26 8:31 p.m. · 12 views

CVE-2024-32878

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file; the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...

CVSS 8.8 · AI score 7.2 · EPSS 0.00269
Exploits 0
OSV
added 2024/04/26 8:31 p.m. · 3 views

CVE-2024-32878 Use of Uninitialized Variable Vulnerability in llama.cpp

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file; the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...

CVSS 7.1 · AI score 7.8 · EPSS 0.00269
Exploits 0 · References 4