CNNVD-202506-3007 Information

CNNVD ID

CNNVD-202506-3007

Related CVE

CVE-2025-52566

• CNNVD Published: 2025-06-24

Description (Chinese)

llama.cpp是Georgi Gerganov个人开发者的一个多模态模型。 llama.cpp b5721之前版本存在安全漏洞，该漏洞源于tokenizer实现中存在有符号与无符号整数溢出，可能导致堆溢出。

Description (English)

llama.cpp is a multi-modular model of Georgi Gerganov’s personal developer. The previous version of llama.cpp b5721 had a security loophole, which stemmed from the presence of a symbol and an unsigned whole number in tokenizer ’ s realization, which could result in a spill.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Live Support

Published

2025-06-24

Last Modified

2026-02-24

References

https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xx https://github.com/ggml-org/llama.cpp/commit/dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70af https://access.redhat.com/security/cve/cve-2025-52566 https://nvd.nist.gov/vuln/detail/CVE-2025-52566

Patch

https://github.com/ggml-org/llama.cpp/releases