Skip to main content

Llama Cpp CVE-2024-41130

MEDIUM
NULL Pointer Dereference (CWE-476)
2024-07-22 security-advisories@github.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 22, 2024 - 18:15 nvd
MEDIUM 6.5

DescriptionNVD

llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427.

AnalysisAI

llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427. Affected products include: Ggml Llama.Cpp.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2024-42479 CRITICAL POC
10.0 Aug 12

Arbitrary memory write in llama.cpp's RPC server allows remote unauthenticated attackers to corrupt arbitrary memory add

CVE-2024-21802 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggeri

CVE-2024-21825 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (commit 18c2e17) is possible when a victim loads a malicious .gguf model file, trigge

CVE-2024-23605 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (GGUF library) allows attackers to achieve arbitrary code execution by tricking a use

CVE-2024-23496 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (commit 18c2e17) occurs when the GGUF library's gguf_fread_str function parses a mali

CVE-2024-21836 HIGH POC
8.8 Feb 26

Heap-based buffer overflow in llama.cpp's GGUF library header parser (commit 18c2e17) enables code execution when a vict

CVE-2026-34159 CRITICAL
9.8 Apr 01

Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary mem

CVE-2024-42478 MEDIUM POC
5.3 Aug 12

llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

CVE-2024-32878 HIGH
8.8 Apr 26

Llama.cpp is LLM inference in C/C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no auth

CVE-2026-33298 HIGH
7.8 Mar 24

Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an intege

CVE-2026-27940 HIGH
7.8 Mar 12

Local attackers can achieve heap buffer overflow in llama.cpp versions before b8146 through integer overflow in the GGUF

CVE-2024-42477 MEDIUM
5.3 Aug 12

llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

Share

CVE-2024-41130 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy