CVE-2025-53630

CVE-2025-53630

Name

CVE-2025-53630

Description

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579
CONFIRM	https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8

Type

URI

MISC

https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579

CONFIRM

https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8

CPE URI	Source package	Min version	Max version
	llama.cpp	>= 0	< 26a48ad699d50b6268900062661bd22f3e792579

CPE URI

Source package

Min version

Max version

llama.cpp

>= 0

< 26a48ad699d50b6268900062661bd22f3e792579

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
llama.cpp	edge-community	0.0.9564-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
llama.cpp	edge-community	0.0.9006-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

llama.cpp

edge-community

0.0.9564-r0

Hugo Osvaldo Barrera <hugo@whynothugo.nl>

possibly vulnerable

llama.cpp

edge-community

0.0.9006-r0

Hugo Osvaldo Barrera <hugo@whynothugo.nl>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages