CVE-2024-23605 - Heap-Based Buffer Overflow in llama.cpp’s GGUF Library (`header.n_kv`) — Analyzing the Exploit
Recently, researchers have disclosed CVE-2024-23605, a critical heap-based buffer overflow in the GGUF library used in llama.cpp, specifically affecting the processing of .gguf files
CVE-2024-23496 - Unpacking a Heap Buffer Overflow in GGUF’s `gguf_fread_str` Functionality (llama.cpp commit 18c2e17)
In early 2024, a security vulnerability (CVE-2024-23496) was found in the llama.cpp project, specifically in its GGUF library’s gguf_fread_str function. This
CVE-2024-21825 - Heap Buffer Overflow in llama.cpp GGUF Parsing Can Lead to Code Execution
A fresh vulnerability, tagged CVE-2024-21825, has been uncovered in the open-source llama.cpp project. This bug lurks in the library’s handling of GGUF_TYPE_
CVE-2024-21836 - Heap Buffer Overflow in GGUF’s `header.n_tensors` (llama.cpp) Enables Code Execution
A new vulnerability—CVE-2024-21836—has been discovered in the widely used AI project llama.cpp. This flaw impacts the GGUF library (used to handle model
CVE-2024-21802 - Heap Buffer Overflow in GGUF `info->ne` (llama.cpp 18c2e17) — How a Malicious `.gguf` File Can Lead to Code Execution
On 2024-01-30, a critical heap-based buffer overflow vulnerability (CVE-2024-21802) was discovered in the GGUF library, specifically in the info->ne handling within llama.cpp
Episode
00:00:00
00:00:00