CVE-2025-49847 llama.cpp Vulnerable to Buffer Overflow via Malicious GGUF Model

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper trycopy in llama.cpp/src/vocab.cpp: llamavocab::impl::tokentopiece casts a ve...

CVE-2025-49847 llama.cpp Vulnerable to Buffer Overflow via Malicious GGUF Model

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper trycopy in llama.cpp/src/vocab.cpp: llamavocab::impl::tokentopiece casts a ve...

llama.cpp 安全漏洞

llama.cpp is a multimodal model by the individual developer Georgi Gerganov. A security vulnerability exists in versions of llama.cpp prior to b5662, which stems from a buffer overflow that may be triggered by the GGUF model vocabulary, potentially leading to memory corruption and execution of...

PT-2025-25757 · Llama.Cpp · Llama.Cpp

Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b5662 Description: The issue is related to a buffer overflow in the vocabulary-loading code of llama.cpp. An attacker-supplied GGUF model vocabulary can trigger this overflow. Specifically, the helper function toke...

CVE-2024-21836

A heap-based buffer overflow vulnerability exists in the GGUF library header.ntensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-23605

A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-23496

A heap-based buffer overflow vulnerability exists in the GGUF library gguffreadstr functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-32878

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in ggufinitfromfile, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this...

llama.cpp Remote Code Execution Vulnerability

llama.cpp is a multimodal model. A remote code execution vulnerability exists in llama.cpp, which originates in the data pointer in the rpctensor structure, and can be exploited by an attacker to cause an arbitrary address to be written...

llama.cpp Remote Code Execution Vulnerability (CNVD-2024-46004)

llama.cpp is a multimodal model. llama.cpp suffers from a remote code execution vulnerability that originates in the data pointer in the rpctensor structure, which can be exploited by an attacker to cause an arbitrary address to be read...

llama.cpp Global Buffer Overflow Vulnerability

llama.cpp is a multimodal model. A global buffer overflow vulnerability exists in llama.cpp, which can be exploited by an attacker to cause a memory data leak...

LLama.cpp Python Bindings Detection

Binary data pythonllama-cppdetect.nbin...

CVE-2024-42477

llama.cpp provides LLM inference in C/C++. The unsafe type member in the rpctensor structure can cause global-buffer-overflow. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561...

CVE-2024-42478

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpctensor structure can cause arbitrary address reading. This vulnerability is fixed in b3561...

CVE-2024-42478

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpctensor structure can cause arbitrary address reading. This vulnerability is fixed in b3561...

CVE-2024-42477

llama.cpp provides LLM inference in C/C++. The unsafe type member in the rpctensor structure can cause global-buffer-overflow. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561...

CVE-2024-42479

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpctensor structure can cause arbitrary address writing. This vulnerability is fixed in b3561...

CVE-2024-42479 llama.cpp allows write-what-where in rpc_server::set_tensor

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpctensor structure can cause arbitrary address writing. This vulnerability is fixed in b3561...

CVE-2024-42479

In llama.cpp, a vulnerability exists in the unsafe data pointer member of the rpc_tensor structure, enabling arbitrary address writes via rpc_server::set_tensor. The issue is a code-level flaw in LLM inference code paths written in C/C++, with a root cause tied to the data pointer in the rpc_tens...

CVE-2024-42479

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpctensor structure can cause arbitrary address writing. This vulnerability is fixed in b3561...