llama.cpp · CVE-2026-33298
**Name of the Vulnerable Software and Affected Versions**
llama.cpp versions prior to b7824
**Description**
llama.cpp is susceptible to an integer overflow in the `ggml_nbytes` function. An attacker can use it to bypass memory validation by supplying a specially crafted GGUF file with specific tensor dimensions. For such a tensor, `ggml_nbytes` returns a significantly smaller size than the tensor actually requires, which leads to a heap-based buffer overflow when the application processes the tensor. The resulting memory corruption can lead to potential Remote Code Execution (RCE).
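The bug class described above, as an added example that is not llama.cpp or ggml code: a simplified model of a tensor size computation that wraps, next to an overflow-checked form. All names (`nbytes_unchecked`, `nbytes_checked`, `fits_unchecked`, `fits_checked`), the four-dimension layout, the bounds check and the sample shapes are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIMS 4 /* assumption for this model */

/* Constructed sample shapes (not taken from any real file). */
static const int64_t SHAPE_OK[MAX_DIMS]   = { 4096, 4096, 1, 1 };
static const int64_t SHAPE_WRAP[MAX_DIMS] = { ((int64_t)1 << 62) + 4, 1, 1, 1 };

/* Unchecked: elem_size * product(ne[i]) wraps modulo 2^64. */
static uint64_t nbytes_unchecked(const int64_t ne[MAX_DIMS], uint64_t elem_size) {
    uint64_t n = elem_size;
    for (int i = 0; i < MAX_DIMS; i++) n *= (uint64_t)ne[i];
    return n;
}

/* Checked: fails on a non-positive dimension or an overflowing partial product. */
static bool nbytes_checked(const int64_t ne[MAX_DIMS], uint64_t elem_size, uint64_t *out) {
    uint64_t n = elem_size;
    for (int i = 0; i < MAX_DIMS; i++) {
        if (ne[i] <= 0) return false;
        uint64_t d = (uint64_t)ne[i];
        if (n != 0 && d > UINT64_MAX / n) return false; /* n * d would overflow */
        n *= d;
    }
    *out = n;
    return true;
}

/* Loader-side validation: the tensor data must lie inside the file. */
static bool fits_unchecked(const int64_t ne[MAX_DIMS], uint64_t es, uint64_t off, uint64_t fsz) {
    uint64_t n = nbytes_unchecked(ne, es); /* a wrapped size passes this bounds check */
    return off <= fsz && n <= fsz - off;
}

static bool fits_checked(const int64_t ne[MAX_DIMS], uint64_t es, uint64_t off, uint64_t fsz) {
    uint64_t n;
    return nbytes_checked(ne, es, &n) && off <= fsz && n <= fsz - off;
}

int main(void) {
    const uint64_t fsz = 64u * 1024 * 1024; /* constructed 64 MiB file size */
    printf("wrapped size: %llu bytes\n", (unsigned long long)nbytes_unchecked(SHAPE_WRAP, 4));
    printf("unchecked accepts: %d, checked accepts: %d\n",
           fits_unchecked(SHAPE_WRAP, 4, 0, fsz), fits_checked(SHAPE_WRAP, 4, 0, fsz));
    return 0;
}
```

The checked variant rejects the shape before any size reaches an allocation or bounds comparison, which is the property a loader needs when tensor dimensions come from an untrusted file.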
**Recommendations**
Update to version b7824 or later.