CNNVD-202601-1365 Information

CNNVD ID

CNNVD-202601-1365

Related CVE

CVE-2026-21869

• CNNVD Published: 2026-01-08

Description (Chinese)

llama.cpp是Georgi Gerganov个人开发者的一个多模态模型。 llama.cpp 55d4206c8及之前版本存在缓冲区错误漏洞，该漏洞源于未验证n_discard参数为非负值，可能导致越界内存写入和远程代码执行。

Description (English)

llama.cpp is a multi-modular model of Georgi Gerganov’s personal developer. llama.cpp 55d4206c8 and previous versions had an error loophole in the buffer zone, resulting from the unverified non-negative value of n discard parameters, which could lead to cross-border memory writing and remote code execution.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

个人开发者

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8947-pfff-2f3c