PT-2026-2320 · Ollama · Ollama

Bob14 +1 · Published 2026-01-12 · Updated 2026-01-21 · CVE-2025-15514

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
Ollama versions 0.11.5-rc0 through 0.13.5

Description
Ollama contains a flaw due to insufficient validation of base64-encoded image data. Specifically, when processing image data through the /api/chat endpoint, the application does not verify the validity of the decoded media before passing it to the mtmd_helper_bitmap_init_from_buf function. If this function returns NULL, indicating malformed input, the code proceeds to dereference the NULL pointer, leading to a segmentation fault and a denial of service. This can cause the model to become unavailable until the service is restarted. The vulnerability exists in the multi-modal model image processing functionality.

Recommendations
Update Ollama to a version newer than 0.13.5.
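
The two checks the description says were missing, sketched in Go as an added example (not Ollama's code and not its actual fix). loadBitmap, the bitmap type, maxPixels and the decode callback are hypothetical stand-ins, with decode playing the role of mtmd_helper_bitmap_init_from_buf; the sample PNG is constructed inline.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"image"
	"image/png" // also registers the PNG decoder; add other formats as needed
)

const maxPixels = 64 << 20 // illustrative limit (assumption), not an Ollama setting
var ErrBadImage = errors.New("invalid image payload")
type bitmap struct{ w, h int } // stand-in for the native bitmap handle

// loadBitmap (hypothetical) validates one base64 image field in Go, then
// calls decode (stand-in for the native decoder) and treats nil as an error.
func loadBitmap(b64 string, decode func([]byte) *bitmap) (*bitmap, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrBadImage, err)
	}
	cfg, _, err := image.DecodeConfig(bytes.NewReader(raw)) // header only
	if err != nil || cfg.Width <= 0 || cfg.Height <= 0 || cfg.Width > maxPixels/cfg.Height {
		return nil, fmt.Errorf("%w: bad header or dimensions", ErrBadImage)
	}
	if _, _, err := image.Decode(bytes.NewReader(raw)); err != nil { // full body
		return nil, fmt.Errorf("%w: %v", ErrBadImage, err)
	}
	bm := decode(raw)
	if bm == nil { // the check whose absence the advisory describes
		return nil, fmt.Errorf("%w: decoder returned nil", ErrBadImage)
	}
	return bm, nil
}

// sampleB64 returns a constructed 1x1 PNG with its last cut bytes removed.
func sampleB64(cut int) string {
	var buf bytes.Buffer
	_ = png.Encode(&buf, image.NewRGBA(image.Rect(0, 0, 1, 1)))
	return base64.StdEncoding.EncodeToString(buf.Bytes()[:buf.Len()-cut])
}

func main() {
	ok := func([]byte) *bitmap { return &bitmap{1, 1} }
	for _, in := range []string{sampleB64(0), sampleB64(20), "aGVsbG8=", "%%%"} {
		fmt.Println(loadBitmap(in, ok))
	}
}
```

The Go-side decoder and a native decoder can disagree about what counts as a valid image, so the nil check on the decoder result stays in place even when pre-validation passes.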

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-15514

Affected Products

Ollama