HIGH🇬🇧 English

CVE-2026-27940

CVSS 7.8v3.1pub. 2026-03-12upd. 2026-04-28

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file - CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Ggml Llama.cpp

    APP
    Ggml
    < b8146
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-34159CRITICAL9.8PL ✓ten sam produkt

RCE w llama.cpp — brak walidacji granic w RPC backend (deserialization)

CVE-2024-42479CRITICAL10.0PL ✓ten sam produkt

Zapis pod dowolny adres pamięci w llama.cpp poprzez wskaźnik rpc_tensor

CVE-2026-33298HIGH7.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in...

CVE-2026-21869HIGH8.8ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parame...

CVE-2025-52566HIGH8.6ten sam produkt

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsign...

CVE-2026-27940 — HIGH 7.8 | CVEbaza.pl