CVE-2024-21802

Name of the Vulnerable Software and Affected Versions GGUF library version prior to the fix of Commit 18c2e17

Description A heap-based buffer overflow vulnerability exists in the GGUF library's info->ne functionality of llama.cpp. This issue can be exploited by providing a specially crafted .gguf file, potentially leading to code execution. An attacker can trigger this vulnerability by providing a malicious file.

Recommendations For GGUF library version prior to the fix of Commit 18c2e17, consider avoiding the use of the info->ne functionality until a patch is available. As a temporary workaround, restrict the handling of .gguf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.