PT-2024-2029 · Unknown · Gguf Library

Francesco Benvenuto · Published 2024-02-26 · Updated 2026-04-27 · CVE-2024-21836

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GGUF library (affected versions not specified)

Description

A heap-based buffer overflow vulnerability exists in the GGUF library's header.n_tensors functionality of llama.cpp Commit 18c2e17. This issue is related to an integer overflow in the header.n_tensors function. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-01897
CVE-2024-21836

Affected Products

Gguf Library