CVE-2024-21825

CVE-2024-21825

Name

CVE-2024-21825

Description

A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2024-1912
talos-cna@cisco.com	https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1912

Type

URI

talos-cna@cisco.com

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1912

talos-cna@cisco.com

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1912

CPE URI	Source package	Min version	Max version
	llama.cpp	== Commit 18c2e17	== Commit 18c2e17
`cpe:2.3:a:ggerganov:llama.cpp::::::::`	llama.cpp	>= None	< 2024-01-09

CPE URI

Source package

Min version

Max version

llama.cpp

== Commit 18c2e17

cpe:2.3:a:ggerganov:llama.cpp:*:*:*:*:*:*:*:*

llama.cpp

>= None

< 2024-01-09

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
llama.cpp	edge-community	0.0.9564-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
llama.cpp	edge-community	0.0.9006-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

llama.cpp

edge-community

0.0.9564-r0

Hugo Osvaldo Barrera <hugo@whynothugo.nl>

possibly vulnerable

llama.cpp

edge-community

0.0.9006-r0

Hugo Osvaldo Barrera <hugo@whynothugo.nl>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages