PT-2025-12029 · Llava · Llava

Published

2025-03-20

Updated

2025-03-22

CVE-2024-10225

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions haotian-liu/llava version 1.2.0

Description A Denial of Service (DoS) issue allows an attacker to cause the server to become inaccessible by appending a large number of characters to the end of a multipart boundary in a file upload request, causing the server to continuously process each character.

Recommendations For haotian-liu/llava version 1.2.0, consider restricting the size of file upload requests or validating the multipart boundary to prevent excessive character appending until a patch is available.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CVE-2024-10225

Affected Products

Llava

PT-2025-12029 · Llava · Llava

CVE-2024-10225

Weakness Enumeration

Related Identifiers

Affected Products

References · 4