Llama Cpp
CVE-2024-41130
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427.
AnalysisAI
llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427. Affected products include: Ggml Llama.Cpp.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
Arbitrary memory write in llama.cpp's RPC server allows remote unauthenticated attackers to corrupt arbitrary memory add
Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggeri
Remote code execution in llama.cpp (commit 18c2e17) is possible when a victim loads a malicious .gguf model file, trigge
Remote code execution in llama.cpp (GGUF library) allows attackers to achieve arbitrary code execution by tricking a use
Remote code execution in llama.cpp (commit 18c2e17) occurs when the GGUF library's gguf_fread_str function parses a mali
Heap-based buffer overflow in llama.cpp's GGUF library header parser (commit 18c2e17) enables code execution when a vict
Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary mem
llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,
Llama.cpp is LLM inference in C/C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no auth
Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an intege
Local attackers can achieve heap buffer overflow in llama.cpp versions before b8146 through integer overflow in the GGUF
llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today