CVE-2025-15514

CVE-2025-15514

Name

CVE-2025-15514

Description

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
product	https://https://github.com/ollama/ollama
technical-description	https://huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0
product	https://ollama.com/
third-party-advisory	https://www.vulncheck.com/advisories/ollama-multi-modal-image-processing-null-pointer-dereference

Type

URI

product

https://https://github.com/ollama/ollama

technical-description

https://huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0

product

https://ollama.com/

third-party-advisory

https://www.vulncheck.com/advisories/ollama-multi-modal-image-processing-null-pointer-dereference

Match rules

CPE URI	Source package	Min version	Max version
	ollama	>= v0.11.5-rc0	<= 0.13.5
`cpe:2.3:a:ollama:ollama::-::::::*`	ollama	>= 0.11.6	<= 0.13.5
`cpe:2.3:a:ollama:ollama:0.11.5:-::::::`	ollama	== None	== 0.11.5

CPE URI

Source package

Min version

Max version

ollama

>= v0.11.5-rc0

<= 0.13.5

cpe:2.3:a:ollama:ollama:*:-:*:*:*:*:*:*

ollama

>= 0.11.6

<= 0.13.5

cpe:2.3:a:ollama:ollama:0.11.5:-:*:*:*:*:*:*

ollama

== None

== 0.11.5

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ollama	edge-community	0.13.5-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.13.0-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.12.9-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.12.7-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.11.7-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.11.4-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.10.1-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.9.6-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	edge-community	0.9.5-r0	Miles Alan <m@milesalan.com>	possibly vulnerable
ollama	3.23-community	0.13.0-r0	Miles Alan <m@milesalan.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

ollama

edge-community

0.13.5-r0

Miles Alan <m@milesalan.com>

possibly vulnerable

ollama

edge-community