Skip to main content

Llama Cpp CVE-2026-33298

| EUVDEUVD-2026-14668 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-03-24 GitHub_M
7.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 24, 2026 - 00:45 euvd
EUVD-2026-14668
Analysis Generated
Mar 24, 2026 - 00:45 vuln.today
CVE Published
Mar 24, 2026 - 00:01 nvd
HIGH 7.8

DescriptionGitHub Advisory

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggml_nbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggml_nbytes to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix.

AnalysisAI

Remote code execution in llama.cpp prior to commit b7824 is possible through a crafted GGUF file that exploits an integer overflow in the ggml_nbytes function, causing heap buffer overflow during tensor processing. An attacker can bypass memory validation by specifying tensor dimensions that cause the size calculation to underflow dramatically, allowing memory corruption and potential code execution. The vulnerability affects Debian and other systems running vulnerable versions of llama.cpp, with no patch currently available.

Technical ContextAI

llama.cpp is a C/C++ inference engine for Large Language Model (LLM) models developed by ggml-org. The vulnerability resides in the ggml_nbytes function which calculates memory size requirements for tensor operations. Due to an integer overflow (CWE-122: Heap-based Buffer Overflow), the function can return drastically incorrect size calculations—for example, reporting 4MB when the actual requirement is in the Exabytes range. This miscalculation bypasses memory allocation validation checks, allowing subsequent tensor processing operations to write beyond allocated heap boundaries. The affected product is identified via CPE cpe:2.3:a:ggml-org:llama.cpp:*:*:*:*:*:*:*:* and processes GGUF (GPT-Generated Unified Format) model files, which are used to store LLM weights and configurations.

RemediationAI

Upgrade llama.cpp to version b7824 or later, which contains a fix for the integer overflow vulnerability. The patched release is available at https://github.com/ggml-org/llama.cpp/releases/tag/b7824 and additional details are provided in the security advisory at https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-96jg-mvhq-q7q7. Until patching is completed, organizations should implement defense-in-depth measures including restricting GGUF file processing to trusted sources only, validating file integrity through cryptographic signatures, running llama.cpp in sandboxed or containerized environments with limited privileges, and implementing file scanning or validation before processing untrusted model files. Consider deploying application-level firewalls or runtime protection to detect heap corruption attempts.

CVE-2024-42479 CRITICAL POC
10.0 Aug 12

Arbitrary memory write in llama.cpp's RPC server allows remote unauthenticated attackers to corrupt arbitrary memory add

CVE-2024-21802 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggeri

CVE-2024-21825 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (commit 18c2e17) is possible when a victim loads a malicious .gguf model file, trigge

CVE-2024-23605 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (GGUF library) allows attackers to achieve arbitrary code execution by tricking a use

CVE-2024-23496 HIGH POC
8.8 Feb 26

Remote code execution in llama.cpp (commit 18c2e17) occurs when the GGUF library's gguf_fread_str function parses a mali

CVE-2024-21836 HIGH POC
8.8 Feb 26

Heap-based buffer overflow in llama.cpp's GGUF library header parser (commit 18c2e17) enables code execution when a vict

CVE-2026-34159 CRITICAL
9.8 Apr 01

Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary mem

CVE-2024-42478 MEDIUM POC
5.3 Aug 12

llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

CVE-2024-32878 HIGH
8.8 Apr 26

Llama.cpp is LLM inference in C/C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no auth

CVE-2026-27940 HIGH
7.8 Mar 12

Local attackers can achieve heap buffer overflow in llama.cpp versions before b8146 through integer overflow in the GGUF

CVE-2024-41130 MEDIUM
6.5 Jul 22

llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable,

CVE-2024-42477 MEDIUM
5.3 Aug 12

llama.cpp provides LLM inference in C/C++. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

Vendor StatusVendor

Debian

llama.cpp
Release Status Fixed Version Urgency
sid vulnerable 8064+dfsg-2 -
(unstable) fixed (unfixed) -

SUSE

Severity: High

Share

CVE-2026-33298 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy