Medium severity5.3NVD Advisory· Published Aug 12, 2024· Updated Apr 27, 2026

CVE-2024-42478

Description

llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary address reading. This vulnerability is fixed in b3561.

Affected products

Ggml/Llama.cpp
cpe:2.3:a:ggml:llama.cpp:*:*:*:*:*:*:*:*
Range: <b3561

Patches

b72942fac998

https://github.com/ggml-org/llama.cppvia osv

b72942fac998

https://github.com/ggerganov/llama.cppvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980bnvdPatch
github.com/ggerganov/llama.cpp/security/advisories/GHSA-5vm9-p64x-gqw9nvdExploitVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000