Debian · Llama.Cpp · CVE-2026-27940
**Name of the Vulnerable Software and Affected Versions**
llama.cpp versions prior to b8146
**Description**
llama.cpp is an inference engine for several Large Language Models (LLMs) written in C/C++. Before version b8146, the `gguf_init_from_file_impl()` function in `gguf.cpp` is susceptible to an integer overflow that results in a heap allocation that is too small. The subsequent `fread()` then writes more than 528 bytes of attacker-controlled data beyond the buffer's boundaries. This issue bypasses the fix for a similar earlier error (CVE-2025-53630), because that fix did not cover all affected code paths.
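The defect class named above, an unsigned size computation that wraps, a heap buffer sized from the wrapped value, and a file read that trusts the header's element count, is shown below as an added C illustration. This is not llama.cpp's code and does not reproduce the GGUF layout, the affected function, or the 528-byte figure: the blob format (`[u64 count][u64 elem_size][payload]`), the function names and the error codes are constructed for the example. It contrasts `unchecked_array_bytes()`, which silently wraps, with `checked_array_bytes()`, and then shows a parser that validates the declared size against both the overflow check and the bytes actually present before allocating and copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Error codes for parse_array_blob(); constructed for this example. */
enum {
    PARSE_OK = 0,
    PARSE_ERR_SHORT_HEADER = 1,  /* input shorter than the 16-byte header */
    PARSE_ERR_OVERFLOW = 2,      /* count * elem_size does not fit in 64 bits */
    PARSE_ERR_TRUNCATED = 3,     /* declared array longer than the remaining input */
    PARSE_ERR_ALLOC = 4          /* malloc failed */
};

/* Unchecked size arithmetic: unsigned multiplication wraps modulo 2^64, so a
 * crafted (count, elem_size) pair yields a tiny allocation while count stays huge. */
uint64_t unchecked_array_bytes(uint64_t count, uint64_t elem_size) {
    return count * elem_size;
}

/* Overflow-checked size arithmetic: returns 0 and writes *out on success,
 * -1 if the product would wrap. The division form is portable C99 (no builtins). */
int checked_array_bytes(uint64_t count, uint64_t elem_size, uint64_t *out) {
    if (elem_size == 0) { *out = 0; return 0; }
    if (count > UINT64_MAX / elem_size) return -1;
    *out = count * elem_size;
    return 0;
}

static uint64_t read_le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Parse the constructed blob: [u64 count][u64 elem_size][count*elem_size payload bytes].
 * On PARSE_OK, *out is a malloc'd copy of the payload and *out_len its size (caller frees).
 * Every length is validated before the allocation and the copy, so the copy length can
 * never exceed the allocation length. */
int parse_array_blob(const uint8_t *buf, size_t len, uint8_t **out, size_t *out_len) {
    *out = NULL; *out_len = 0;
    if (len < 16) return PARSE_ERR_SHORT_HEADER;
    uint64_t count = read_le64(buf);
    uint64_t elem_size = read_le64(buf + 8);
    uint64_t nbytes;
    if (checked_array_bytes(count, elem_size, &nbytes) != 0) return PARSE_ERR_OVERFLOW;
    /* Bound by the input actually present, not only by what the header claims. */
    if (nbytes > (uint64_t)(len - 16)) return PARSE_ERR_TRUNCATED;
    uint8_t *p = malloc(nbytes ? (size_t)nbytes : 1);
    if (!p) return PARSE_ERR_ALLOC;
    memcpy(p, buf + 16, (size_t)nbytes);
    *out = p; *out_len = (size_t)nbytes;
    return PARSE_OK;
}

static void write_le64(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Build a blob from a header and payload (constructed test input). Returns bytes written. */
size_t build_blob(uint8_t *dst, size_t cap, uint64_t count, uint64_t elem_size,
                  const uint8_t *payload, size_t payload_len) {
    if (cap < 16 + payload_len) return 0;
    write_le64(dst, count);
    write_le64(dst + 8, elem_size);
    if (payload_len) memcpy(dst + 16, payload, payload_len);
    return 16 + payload_len;
}

int main(void) {
    uint64_t count = (1ULL << 60) + 1, elem = 16;  /* (2^60 + 1) * 16 == 2^64 + 16 */
    printf("unchecked size: %llu bytes\n", (unsigned long long)unchecked_array_bytes(count, elem));
    uint64_t nb;
    printf("checked size: %s\n", checked_array_bytes(count, elem, &nb) ? "rejected" : "ok");
    uint8_t blob[64], payload[12] = {1,2,3,4,5,6,7,8,9,10,11,12}, *out; size_t out_len;
    size_t n = build_blob(blob, sizeof blob, count, elem, payload, sizeof payload);
    printf("parse crafted header: code %d\n", parse_array_blob(blob, n, &out, &out_len));
    n = build_blob(blob, sizeof blob, 3, 4, payload, sizeof payload);
    printf("parse benign header: code %d, %zu bytes\n", parse_array_blob(blob, n, &out, &out_len), out_len);
    free(out);
    return 0;
}
```

The two checks are independent: the overflow check protects the allocation size, and the remaining-input check stops a header that declares more data than the file holds. A parser that performs only the first check still has to ensure its read length is derived from the checked size rather than from the raw header fields.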
**Recommendations**
Update to version b8146 or later.