Home/Product/ggml llama.cpp
Product

ggml llama.cpp

16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34159
< b8492
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all
9.8CRITICAL
 CVE-2026-33298
< b7824
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggml_nbytes f
7.8HIGH
 CVE-2026-27940
< b8146
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable
7.8HIGH
 CVE-2026-21869
all versions
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed direct
8.8HIGH
 CVE-2025-52566
< b5721
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow
8.6HIGH
 CVE-2025-49847
< b5662
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can
8.8HIGH
 CVE-2024-42479
< b3561
llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary addr
10.0CRITICAL
 CVE-2024-42478
< b3561
llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpc_tensor structure can cause arbitrary addr
5.3MEDIUM
 CVE-2024-42477
< b3561
llama.cpp provides LLM inference in C/C++. The unsafe type member in the rpc_tensor structure can cause `global-buffer-overflo
5.3MEDIUM
 CVE-2024-41130
< b3427
llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. T
5.4MEDIUM
 CVE-2024-32878
>= b2715 and < b2740
Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code
7.1HIGH
 CVE-2024-23605
< 2024-01-09
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A spe
8.8HIGH
 CVE-2024-23496
< 2024-01-09
A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A
8.8HIGH
 CVE-2024-21836
< 2024-01-09
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17.
8.8HIGH
 CVE-2024-21825
< 2024-01-09
A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of ll
8.8HIGH
 CVE-2024-21802
< 2024-01-09
A heap-based buffer overflow vulnerability exists in the GGUF library info-&gt;ne functionality of llama.cpp Commit 18c2e17. A spe
8.8HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin