
CVE-2024-42479 – llama.cpp allows write-what-where in rpc_server::set_tensor
https://notcve.org/view.php?id=CVE-2024-42479
12 Aug 2024 — llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561. • https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b • CWE-123: Write-what-where Condition •

CVE-2024-42478 – llama.cpp allows Arbitrary Address Read in rpc_server::get_tensor
https://notcve.org/view.php?id=CVE-2024-42478
12 Aug 2024 — llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address reading. This vulnerability is fixed in b3561. • https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b • CWE-125: Out-of-bounds Read •

CVE-2024-42477 – llama.cpp global-buffer-overflow in ggml_type_size
https://notcve.org/view.php?id=CVE-2024-42477
12 Aug 2024 — llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561. • https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b • CWE-125: Out-of-bounds Read •

CVE-2024-41130 – llama.cpp null pointer dereference in gguf_init_from_file
https://notcve.org/view.php?id=CVE-2024-41130
22 Jul 2024 — llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427. • https://github.com/ggerganov/llama.cpp/commit/07283b1a90e1320aae4762c7e03c879043910252 • CWE-476: NULL Pointer Dereference •

CVE-2024-32878 – Use of Uninitialized Variable Vulnerability in llama.cpp
https://notcve.org/view.php?id=CVE-2024-32878
26 Apr 2024 — llama.cpp provides LLM inference in C/C++. gguf_init_from_file contains a use of an uninitialized heap variable, which the code later frees. A simple PoC causes a crash directly. If the file is carefully constructed, it may be possible to control the uninitialized value and cause an arbitrary address free, which may in turn be exploitable. • https://github.com/ggerganov/llama.cpp/releases/tag/b2749 • CWE-456: Missing Initialization of a Variable •

CVE-2024-21825
https://notcve.org/view.php?id=CVE-2024-21825
26 Feb 2024 — A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1912 • CWE-190: Integer Overflow or Wraparound •

CVE-2024-23496
https://notcve.org/view.php?id=CVE-2024-23496
26 Feb 2024 — A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1913 • CWE-190: Integer Overflow or Wraparound •

CVE-2024-21836
https://notcve.org/view.php?id=CVE-2024-21836
26 Feb 2024 — A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1915 • CWE-190: Integer Overflow or Wraparound •

CVE-2024-23605
https://notcve.org/view.php?id=CVE-2024-23605
26 Feb 2024 — A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1916 • CWE-190: Integer Overflow or Wraparound •