CVE-2024-42478 Information

Description

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address reading. This vulnerability is fixed in b3561.

Reference

https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9 https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b