VYPR
Vendor

Ggerganov

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2024-42479CriAug 12, 2024
    risk 0.58cvss 10.0epss 0.03

    llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

  • CVE-2024-23605HigFeb 26, 2024
    risk 0.57cvss 8.8epss 0.01

    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-21836HigFeb 26, 2024
    risk 0.57cvss 8.8epss 0.01

    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-21802HigFeb 26, 2024
    risk 0.57cvss 8.8epss 0.01

    A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-42478MedAug 12, 2024
    risk 0.27cvss 5.3epss 0.01

    llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address reading. This vulnerability is fixed in b3561.

  • CVE-2024-42477MedAug 12, 2024
    risk 0.27cvss 5.3epss 0.00

    llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561.

  • CVE-2026-21869Jan 7, 2026
    risk 0.00cvss epss 0.00

    llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied…

  • CVE-2024-41130Jul 22, 2024
    risk 0.00cvss epss 0.00

    llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427.

  • CVE-2024-32878Apr 26, 2024
    risk 0.00cvss epss 0.01

    Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be…