Whisper Cpp
Monthly
Null pointer dereference in whisper.cpp up to version 1.8.2 allows a local authenticated attacker to crash the application via a crafted input during model loading. The vulnerable code path is the whisper_model_load function within ggml/src/ggml.c, resulting in a limited availability impact (application denial of service) with no confidentiality or integrity consequences. A proof-of-concept exploit is publicly available via a GitHub issue report; however, no vendor patch has been released and the project has not yet responded to the disclosure.
Null pointer dereference in whisper.cpp up to version 1.8.2 allows a local authenticated attacker to crash the application via a crafted input during model loading. The vulnerable code path is the whisper_model_load function within ggml/src/ggml.c, resulting in a limited availability impact (application denial of service) with no confidentiality or integrity consequences. A proof-of-concept exploit is publicly available via a GitHub issue report; however, no vendor patch has been released and the project has not yet responded to the disclosure.