PT-2025-12312 · Ollama · Ollama

Published: 2025-03-20 · Updated: 2025-07-10 · CVE-2025-0317

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ollama/ollama versions prior to 0.3.14

Description

A malicious user can upload and create a customized GGUF model file on the Ollama server, leading to a division by zero error in the ggufPadding function. This error causes the server to crash, resulting in a Denial of Service (DoS) attack.

Recommendations

For versions prior to 0.3.14, update to version 0.3.14 or later to resolve the issue. As a temporary workaround, consider disabling the ggufPadding function until a patch is available. Restrict access to the GGUF model file upload feature to minimize the risk of exploitation.

Exploit

Fix

DoS

Divide By Zero


Weakness Enumeration

Related Identifiers

CVE-2025-0317
GHSA-9GCR-28RP-CC24
GO-2025-3559
OPENSUSE-SU-2025:14955-1

Affected Products

Ollama