PT-2024-2168 · Unknown · Gguf Library

Francesco Benvenuto · Published 2024-02-26 · Updated 2026-04-27 · CVE-2024-23496

CVSS v2.0: 10 (Critical), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GGUF library of llama.cpp, commit 18c2e17
Description: A heap-based buffer overflow exists in the gguf_fread_str function of llama.cpp's GGUF library, the routine that reads length-prefixed strings out of a .gguf file. A specially crafted .gguf file triggers the overflow, potentially leading to code execution. An attacker exploits the issue by getting the victim to load a malicious model file.
Recommendations: Disabling gguf_fread_str is not a practical workaround: the loader calls it for every key, string value and tensor name in a GGUF header, so a build without it cannot open any model. Until a fixed build is confirmed, treat .gguf files as untrusted input: load only model files from sources you trust and whose hashes you have verified, and run the process that loads them with least privilege (a dedicated user, sandbox or container without network access) so that a corrupted load cannot pivot further. Restrict access to the vulnerable llama.cpp module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
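The advisory does not show code, so the following is an added illustrative example written for this page, not llama.cpp's gguf_fread_str and not code from the advisory. It demonstrates the bug class the tags above point at (heap-based buffer overflow via integer overflow): a GGUF-style string reader that trusts a 64-bit length from the file, allocates n + 1 bytes (which wraps to 0 when n is UINT64_MAX) and then copies n bytes, next to a reader that bounds the length before allocating. The in-memory cursor, raw_read, the GGUF_MAX_STR_LEN cap and the two sample inputs are assumptions of the example; GGUF really does encode strings as a little-endian uint64 length followed by the bytes, and the example assumes a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* In-memory cursor standing in for the FILE* + offset pair a real loader uses
 * (assumption of this example). GGUF integers are little-endian, and so is
 * the host this example assumes. */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } gguf_cursor;
typedef struct { uint64_t n; char *data; } gguf_str;

static size_t remaining(const gguf_cursor *c) { return c->len - c->pos; }

/* Models fread(dst, n, 1, f): copies whatever is left in the input, up to n
 * bytes, and reports how many were copied. */
static size_t raw_read(gguf_cursor *c, void *dst, size_t n) {
    size_t avail = remaining(c);
    size_t take = n < avail ? n : avail;
    memcpy(dst, c->buf + c->pos, take);
    c->pos += take;
    return take;
}

/* Allocation size the overflow-prone pattern computes from the untrusted
 * length: n + 1 in 64-bit arithmetic, which wraps to 0 for n == UINT64_MAX. */
uint64_t vuln_alloc_size(uint64_t n) { return n + 1; }

/* UNCHECKED reader: the bug class. The length comes straight from the file,
 * the allocation is n + 1 (which can wrap to 0), and the copy is n bytes long,
 * so a crafted length writes past the heap chunk. Never call it on untrusted
 * input; main() below only feeds it BENIGN. */
int gguf_read_str_unchecked(gguf_cursor *c, gguf_str *s) {
    if (raw_read(c, &s->n, sizeof s->n) != sizeof s->n) return 0;
    s->data = calloc((size_t)vuln_alloc_size(s->n), 1);
    if (!s->data) return 0;
    raw_read(c, s->data, (size_t)s->n);   /* heap overflow when n exceeds the chunk */
    return 1;
}

/* CHECKED reader: bound the length before allocating. The cap is an
 * assumption of this example; it keeps n + 1 from wrapping and stops a
 * tiny file from demanding gigabytes. */
#define GGUF_MAX_STR_LEN (64u * 1024u * 1024u)

int gguf_read_str_checked(gguf_cursor *c, gguf_str *s) {
    uint64_t n;
    s->n = 0;
    s->data = NULL;
    if (raw_read(c, &n, sizeof n) != sizeof n) return 0;
    if (n > GGUF_MAX_STR_LEN) return 0;   /* absurd length: reject, do not allocate */
    if (n > remaining(c)) return 0;       /* string must lie inside the file */
    char *p = calloc((size_t)n + 1, 1);   /* +1 cannot wrap after the cap */
    if (!p) return 0;
    if (raw_read(c, p, (size_t)n) != (size_t)n) { free(p); return 0; }
    s->n = n;
    s->data = p;
    return 1;
}

/* Constructed inputs (not taken from any real model file): a valid 5-byte
 * string, and a header whose length field is UINT64_MAX followed by 4 bytes. */
static const uint8_t BENIGN[]  = { 5,0,0,0,0,0,0,0, 'h','e','l','l','o' };
static const uint8_t CRAFTED[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 'A','A','A','A' };

/* Length field the CRAFTED input declares. */
uint64_t crafted_declared_len(void) {
    uint64_t n;
    memcpy(&n, CRAFTED, sizeof n);
    return n;
}

/* 1 if the checked reader accepts BENIGN and yields "hello". */
int checked_accepts_benign(void) {
    gguf_cursor c = { BENIGN, sizeof BENIGN, 0 };
    gguf_str s;
    int ok = gguf_read_str_checked(&c, &s) && s.n == 5 && strcmp(s.data, "hello") == 0;
    free(s.data);
    return ok;
}

/* Verdict of the checked reader on CRAFTED: 0 means rejected. */
int checked_accepts_crafted(void) {
    gguf_cursor c = { CRAFTED, sizeof CRAFTED, 0 };
    gguf_str s;
    int ok = gguf_read_str_checked(&c, &s);
    free(s.data);
    return ok;
}

int main(void) {
    gguf_cursor c = { BENIGN, sizeof BENIGN, 0 };
    gguf_str s;
    if (gguf_read_str_unchecked(&c, &s)) {
        printf("unchecked reader, benign input: \"%s\"\n", s.data);
        free(s.data);
    }
    unsigned long long n = crafted_declared_len();
    printf("crafted length 0x%llx -> unchecked path would calloc(%llu, 1) and copy %llu bytes\n",
           n, (unsigned long long)vuln_alloc_size(n), n);
    printf("checked reader rejects crafted input: %s\n", checked_accepts_crafted() ? "no" : "yes");
    return 0;
}
```

Build with `cc -Wall -fsanitize=address example.c` to see the checked reader refuse the crafted header without allocating. The unchecked reader is only ever given the benign input here; if you point it at CRAFTED yourself, AddressSanitizer reports a heap-buffer-overflow on the copy, which is the same failure mode the advisory describes for a malicious .gguf file.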

Exploit

Heap Based Buffer Overflow

Memory Corruption

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-02082
CVE-2024-23496

Affected Products

Gguf Library