← volver
CVE-2025-53630

Integer Overflow in GGUF Parser can lead to Heap Out-of-Bounds Read/Write in gguf

CVSS 8.9 HIGHEPSS 0.3%CWE-122CWE-680
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Productos afectados
ggml-org · llama.cpp

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8