CVE-2024-12055

CVSS v3.1

7.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Ollama versions <=0.3.14

Description A malicious user can create a customized gguf model file that can be uploaded to the public Ollama server, causing it to crash and leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file.

Recommendations For Ollama versions <=0.3.14, update to a version later than 0.3.14 to resolve the issue. As a temporary workaround, consider restricting access to the gguf model file upload feature to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2024-12055

GHSA-89QX-M49C-8CRF

GO-2025-3558

OPENSUSE-SU-2025:14955-1

Affected Products

Ollama

CVE-2024-12055

Weakness Enumeration

Related Identifiers

Affected Products

References · 14