PT-2025-12309 · Ollama · Ollama

Published: 2025-03-20 · Updated: 2025-04-04 · CVE-2025-0312

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ollama/ollama versions prior to 0.3.14

Description

A malicious user can craft a customized GGUF model file that, when uploaded and created on the Ollama server, crashes the server through an unchecked null pointer dereference. This allows a remote Denial of Service (DoS) attack over the network.

Recommendations

For versions prior to 0.3.14, update to version 0.3.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the GGUF model file upload feature to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2025-0312
GHSA-P2WH-W96X-W232
GO-2025-3582
OPENSUSE-SU-2025:14970-1

Affected Products

Ollama