PT-2025-25757 · Llama.Cpp · Llama.Cpp

Guygoldenberg · Published 2025-06-17 · Updated 2025-07-03 · CVE-2025-49847

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b5662
Description: The issue is a buffer overflow in the vocabulary-loading code of llama.cpp. An attacker-supplied GGUF model vocabulary can trigger this overflow. Specifically, the helper function token_to_piece() in vocab.cpp casts a large size_t token length into an int32_t, causing the length check to be bypassed. As a result, memcpy is called with an oversized size, allowing a malicious model to overwrite memory beyond the intended buffer. This can lead to arbitrary memory corruption and potential code execution.
Recommendations: For versions prior to b5662, update to version b5662 to resolve the issue. As a temporary workaround, consider restricting the use of attacker-supplied GGUF model vocabularies to minimize the risk of exploitation.
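
The narrowing flaw in the description, modelled as a standalone C example added here (not llama.cpp source and not the project's patch): a bounds check done after casting size_t to int32_t, next to a check done in the size_t domain. The function names, return convention and sample sizes are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern (hypothetical model): the token length is narrowed to
 * int32_t before the comparison. A length above INT32_MAX becomes negative
 * on common ABIs, so "buffer too small" is never detected.
 * Returns 1 if the code would go on to call memcpy with token_len bytes. */
static int narrowed_check_allows_copy(size_t token_len, int32_t buf_len) {
    int32_t n = (int32_t) token_len;   /* lossy, implementation-defined */
    if (buf_len < n) {
        return 0;                      /* rejected: buffer too small */
    }
    return 1;                          /* memcpy(buf, token, token_len) follows */
}

/* Hardened pattern (an assumption, not the upstream fix): reject lengths that
 * do not fit the int32_t return type, then compare as size_t.
 * Returns bytes copied, -needed if buf is too small, INT32_MIN if the
 * length cannot be represented. */
static int32_t copy_piece_checked(char *buf, int32_t buf_len,
                                  const char *token, size_t token_len) {
    if (buf_len < 0 || token_len > (size_t) INT32_MAX) {
        return INT32_MIN;
    }
    if ((size_t) buf_len < token_len) {
        return -(int32_t) token_len;
    }
    memcpy(buf, token, token_len);
    return (int32_t) token_len;
}

int main(void) {
    char buf[8];
    size_t huge = (size_t) INT32_MAX + 17;   /* constructed oversized length */

    printf("narrowed check, len=16:   copy=%d\n", narrowed_check_allows_copy(16, 8));
    printf("narrowed check, len=huge: copy=%d\n", narrowed_check_allows_copy(huge, 8));
    /* The checked version returns before touching the source pointer. */
    printf("checked, len=huge: %ld\n", (long) copy_piece_checked(buf, 8, "x", huge));
    printf("checked, len=5:    %ld\n", (long) copy_piece_checked(buf, 8, "hello", 5));
    return 0;
}
```
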

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-49847
GHSA-8WWF-W4QM-GPQR
OPENSUSE-SU-2025:15245-1

Affected Products

Llama.Cpp