CNNVD-202506-2090 Information
CNNVD ID
CNNVD-202506-2090
Related CVE
- CNNVD Published: 2025-06-17
Description (Chinese)
llama.cpp是Georgi Gerganov个人开发者的一个多模态模型。 llama.cpp b5662之前版本存在安全漏洞,该漏洞源于GGUF模型词汇表可能触发缓冲区溢出,可能导致内存损坏和执行任意代码。
Description (English)
llama.cpp is a multi-modular model of Georgi Gerganov’s personal developer. The previous version of llama.cpp b5662 had a security loophole, which stemmed from the fact that the GGF model glossary could trigger a buffer zone spill, which could lead to memory damage and the implementation of arbitrary codes.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-06-17
Last Modified
2026-02-24
References
https://github.com/ggml-org/llama.cpp/commit/3cfbbdb44e08fd19429fed6cc85b982a91f0efd5 https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8wwf-w4qm-gpqr https://nvd.nist.gov/vuln/detail/CVE-2025-49847 https://access.redhat.com/security/cve/cve-2025-49847
Patch
https://github.com/ggml-org/llama.cpp/releases
Share on: