Lucene search

14 matches found

CVE
added 2024/02/26 4:7 p.m. | 153 views

CVE-2024-23496

CVE-2024-23496 affects llama.cpp’s GGUF file parsing in the gguf_fread_str function. The root cause is an integer overflow when reading a string length p->n, leading to p->data = calloc(p->n + 1, 1) and a potentially undersized allocation. A heap-based buffer overflow can occur when the ...

CVSS 9.8 | AI score 8.9 | EPSS 0.01349

CVE
added 2024/02/26 4:7 p.m. | 134 views

CVE-2024-23605

Affected: llama.cpp with GGUF header.n_kv parsing (commit 18c2e17). Talos details a heap-based buffer overflow in gguf_init_from_file caused by allocating ctx->kv with header.n_kv, risking overflow when writing kv->key strings if header.n_kv overflows the allocation. Result: potential code ...

CVSS 9.8 | AI score 8.9 | EPSS 0.01349

CVE
added 2024/02/26 4:7 p.m. | 129 views

CVE-2024-21825

Talos details CVE-2024-21825 in llama.cpp (GGUF library) focusing on parsing of GGUF_TYPE_ARRAY/GGUF_TYPE_STRING within gguf_init_from_file. An attacker-provided .gguf file can trigger a heap-based buffer overflow when kv->value.arr.n is large, due to an integer overflow in the allocation kv->...

CVSS 9.8 | AI score 8.9 | EPSS 0.01349

CVE
added 2024/02/26 4:7 p.m. | 116 views

CVE-2024-21836

CVE-2024-21836 affects llama.cpp (GGUF library header.n_tensors parsing). Talos reports a heap-based buffer overflow caused by an integer overflow when allocating ctx->infos for a crafted .gguf file, which can lead to a heap overflow during reading tensor names (info->name). Vulnerable comp...

CVSS 9.8 | AI score 8.9 | EPSS 0.01349

CVE
added 2024/02/26 4:7 p.m. | 113 views

CVE-2024-21802

Talos reports a heap-based buffer overflow in llama.cpp (Commit 18c2e17) related to the GGUF library info->ne parsing when processing .gguf files, which can lead to remote code execution. The vulnerability stems from writing beyond a 4-element info->ne array during gguf_init_from_file, with...

CVSS 9.8 | AI score 8.9 | EPSS 0.01375

CVE
added 2024/08/12 3:7 p.m. | 100 views

CVE-2024-42479

In llama.cpp, a vulnerability exists in the unsafe data pointer member of the rpc_tensor structure, enabling arbitrary address writes via rpc_server::set_tensor. The issue is a code-level flaw in LLM inference code paths written in C/C++, with a root cause tied to the data pointer in the rpc_tens...

CVSS 10 | AI score 9.4 | EPSS 0.02628

CVE
added 2024/08/12 3:5 p.m. | 77 views

CVE-2024-42478

CVE-2024-42478 concerns llama.cpp where an unsafe data pointer in the rpc_tensor structure can lead to arbitrary address reads. Several sources concur this is a code-level issue; the public CVE description states the vulnerability is fixed in b3561. Some connected advisories also advise upgrading...

CVSS 9.8 | AI score 5.3 | EPSS 0.00603

CVE
added 2024/08/12 3:2 p.m. | 69 views

CVE-2024-42477

CVE-2024-42477 affects llama.cpp (C/C++) where an unsafe type member in the rpc_tensor structure can trigger a global-buffer-overflow, potentially leaking memory data. The issue is reported as fixed in commit b3561 and is reflected in Fedora security advisory FEDORA-2024-89c69bb9d3 and related ad...

CVSS 7.5 | AI score 5.2 | EPSS 0.0046

CVE
added 2024/07/22 5:28 p.m. | 47 views

CVE-2024-41130

CVE-2024-41130 affects llama.cpp (C/C++) with a null pointer dereference in gguf_init_from_file. Root cause: null pointer dereference prior to version b3427. Impact: as documented, DoS-like behavior stemming from the crash/denial of service. Remediation: upgrade to version b3427 or later (per off...

CVSS 6.5 | AI score 5.3 | EPSS 0.00318

CVE
added 2026/03/12 4:39 p.m. | 44 views

CVE-2026-27940

Summary of CVE-2026-27940: The llama.cpp component has a vulnerability in gguf_init_from_file_impl() within gguf.cpp where an integer overflow leads to an undersized heap allocation. This enables a subsequent fread() to write 528+ bytes of attacker-controlled data past the buffer boundary, const...

CVSS 7.8 | AI score 6 | EPSS 0.00177

CVE
added 2025/06/17 8:4 p.m. | 40 views

CVE-2025-49847

CVE-2025-49847 affects llama.cpp: prior to v5662, an attacker-supplied GGUF vocabulary can trigger a buffer overflow in the vocabulary-loading path. The root cause is in llama_vocab::impl::token_to_piece(), where a large size_t token length is cast to int32_t, bypassing the length check and causi...

CVSS 8.8 | AI score 9.2 | EPSS 0.00444

CVE
added 2025/06/24 3:21 a.m. | 35 views

CVE-2025-52566

CVE-2025-52566 affects llama.cpp (tokenizer in llama_vocab::tokenize). Prior to version b5721, a signed vs. unsigned integer overflow enables heap-overflow during tokenization, causing unintended behavior in token copying. This could enable heap-related issues during inference with crafted input....

CVSS 8.8 | AI score 8.8 | EPSS 0.00318

CVE
added 2026/04/01 4:59 p.m. | 14 views

CVE-2026-34159

The CVE-2026-34159 entry for llama.cpp describes an unauthenticated RCE via the RPC backend: prior to v.b8492, deserialize_tensor() omits bounds validation when tensor.buffer == 0, enabling an attacker to read/write arbitrary process memory through crafted GRAPH_COMPUTE messages. Combined with AL...

CVSS 9.8 | AI score 6.2 | EPSS 0.01126

CVE
added 2026/03/24 12:1 a.m. | 12 views

CVE-2026-33298

Summary (CVE-2026-33298): llama.cpp (C/C++) contains an integer overflow in the ggml_nbytes function during GGUF tensor parsing, allowing an attacker to bypass memory validation by crafting tensor dimensions. This can cause ggml_nbytes to report a far too small size (examples cite 4 MB vs exabyt...

CVSS 7.8 | AI score 6.1 | EPSS 0.00477