CVE-2024-41130
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Summary
llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ggerganov | llama.cpp | < b3427 | affected |
Weaknesses
- CWE-476: CWE-476: NULL Pointer Dereference
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-49q7-2jmh-92fp
- https://github.com/ggerganov/llama.cpp/commit/07283b1a90e1320aae4762c7e03c879043910252
References
- https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-49q7-2jmh-92fp
- https://github.com/ggerganov/llama.cpp/commit/07283b1a90e1320aae4762c7e03c879043910252
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.