3 matches found
CVE-2025-44779
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull...
CVE-2024-39720
CVE-2024-39720 affects Ollama prior to 0.1.46. An attacker can craft and send two HTTP requests to upload a malformed GGUF file (4 bytes) beginning with the GGUF header, using a malicious Modelfile that FROM-references an attacker-controlled blob file. This triggers a crash in the CreateModel rou...
CVE-2024-39720
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...