CVE-2026-33298

Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to b7824

Description The software is susceptible to an integer overflow in the ggml nbytes function. This allows an attacker to bypass memory validation by creating a specially crafted GGUF file with specific tensor dimensions. The ggml nbytes function returns a significantly smaller size than required, leading to a heap-based buffer overflow when the application processes the tensor. This can result in potential Remote Code Execution (RCE) through memory corruption.

Recommendations Update to version b7824 or later.