Description
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file - CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.
Published: 2026-03-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in llama.cpp causes a heap buffer overflow due to an integer overflow in the calculation of `mem_size` inside gguf_init_from_file_impl() in gguf.cpp. The overflow results in an undersized heap allocation; subsequently, fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a classic heap-based buffer overflow (CWE-122) triggered by an integer overflow (CWE-190) and can potentially allow an attacker to corrupt memory or execute arbitrary code.

Affected Systems

Affected versions of the ggml-org:llama.cpp library are all releases prior to the commit identifier b8146, which contains the fix referred to in the CVE description. No specific version numbers are listed, so any build of llama.cpp compiled before b8146 is considered vulnerable.

Risk and Exploitability

The CVSS score for this issue is 7.8, indicating a high severity. EPSS is reported as less than 1 %, suggesting a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw is triggered when a malicious .gguf file is loaded, an attacker would need the ability to supply such a file to the application, implying a local or compromised-host attack vector. If executed, the overflow could lead to remote code execution through the compromised process.

Generated by OpenCVE AI on March 18, 2026 at 14:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the llama.cpp patch corresponding to commit b8146 or later
  • Verify the applied update by checking the commit hash provided by the vendor
  • If an immediate update is not possible, restrict the application to loading only trusted, signed model files from secure sources

Generated by OpenCVE AI on March 18, 2026 at 14:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Ggml
Ggml llama.cpp
Vendors & Products Ggml
Ggml llama.cpp

Thu, 12 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file - CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.
Title llama.cpp has a Heap Buffer Overflow via Integer Overflow in `mem_size` Calculation — Bypass of CVE-2025-53630 Fix
Weaknesses CWE-122
CWE-190
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Ggml Llama.cpp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-14T03:55:24.463Z

Reserved: 2026-02-25T03:11:36.689Z

Link: CVE-2026-27940

cve-icon Vulnrichment

Updated: 2026-03-12T20:33:45.889Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T17:16:49.920

Modified: 2026-03-12T21:07:53.427

Link: CVE-2026-27940

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:48:58Z

Weaknesses