CNNVD-202512-2327 Information

CNNVD ID

CNNVD-202512-2327

Related CVE

CVE-2025-14569

• CNNVD Published: 2025-12-12

Description (Chinese)

whisper.cpp是ggml开源的一个C语言库。 whisper.cpp 1.8.2版本存在资源管理错误漏洞，该漏洞源于文件/whisper.cpp/examples/common-whisper.cpp中函数read_audio_data存在释放后重用。

Description (English)

whisper.cpp is an open-source C-language library of ggml. Version 1.8.2 contains a resource management error loophole, which stems from the re-use after release of the function read audio data in file/whisper.cpp/examples/common-whisper.cpp.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

ggml

Published

2025-12-12

Last Modified

2026-02-24

References

https://github.com/ggml-org/whisper.cpp/issues/3501 https://github.com/oneafter/InvalidFree/blob/main/repro https://vuldb.com/?ctiid.336193 https://vuldb.com/?id.336193 https://vuldb.com/?submit.703886