Description
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix.
Published: 2026-03-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in llama.cpp arises from an integer overflow in the ggml_nbytes function, which computes the byte size of a tensor from its dimensions. A GGUF file with sufficiently large dimension values makes that arithmetic wrap in 64-bit unsigned integers, so the function returns a size far below what the tensor actually needs (the advisory cites on the order of 4 MB where exabytes would be required). Any allocation or bounds check that relies on the returned size then passes, and subsequent processing of the tensor writes past the end of the heap buffer. Heap corruption of this kind can be turned into arbitrary code execution. The weakness is an integer overflow (CWE-190) leading to a heap-based buffer overflow (CWE-122).
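The following added example (not ggml's or llama.cpp's code, and not a reproduction of the patched function or of any real GGUF file) models the failure mode in C. A stride-based byte-size formula, type_size + sum((ne[i] - 1) * nb[i]) with nb[0] = type_size and nb[i] = nb[i-1] * ne[i-1], is computed once with plain 64-bit arithmetic and once with overflow-checked arithmetic, and both are run over a constructed sane shape and a constructed shape whose fourth dimension is 2^42 + 1. The dimension values, the four-dimension limit, and the hardened variant using GCC/Clang __builtin_*_overflow are assumptions of this illustration; the actual b7824 fix may be structured differently. It also serves the "enforce file validation" item under Recommended Actions: the checked variant is the kind of pre-check a loader can apply before trusting a tensor's size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIMS 4

/* Dense row-major byte size of a tensor, computed the way a stride-based
 * formula does it: type_size + sum over i of (ne[i] - 1) * nb[i], where
 * nb[0] = type_size and nb[i] = nb[i-1] * ne[i-1]. Every multiply and add is
 * plain 64-bit unsigned arithmetic, so a large enough ne[] wraps modulo 2^64.
 * This models the vulnerable pattern; it is not ggml's own implementation. */
static uint64_t nbytes_unchecked(uint64_t type_size, const uint64_t ne[MAX_DIMS]) {
    uint64_t nb = type_size;   /* stride of the current dimension */
    uint64_t n  = type_size;
    for (int i = 0; i < MAX_DIMS; ++i) {
        n  += (ne[i] - 1) * nb;     /* may wrap */
        nb *= ne[i];                /* may wrap */
    }
    return n;
}

/* Hardened variant: every arithmetic step is overflow-checked and a zero
 * dimension is rejected (ne[i] - 1 would underflow). Returns false, leaving
 * *out untouched, on any overflow. __builtin_*_overflow are GCC/Clang builtins
 * (an assumption of this example; ggml may use a different check). */
static bool nbytes_checked(uint64_t type_size, const uint64_t ne[MAX_DIMS], uint64_t *out) {
    uint64_t nb = type_size;
    uint64_t n  = type_size;
    for (int i = 0; i < MAX_DIMS; ++i) {
        uint64_t term;
        if (ne[i] == 0) return false;
        if (__builtin_mul_overflow(ne[i] - 1, nb, &term)) return false;
        if (__builtin_add_overflow(n, term, &n)) return false;
        if (i + 1 < MAX_DIMS && __builtin_mul_overflow(nb, ne[i], &nb)) return false;
    }
    *out = n;
    return true;
}

/* Convenience wrapper for the checked path: the size, or 0 if rejected. */
static uint64_t nbytes_checked_or_zero(uint64_t type_size, const uint64_t ne[MAX_DIMS]) {
    uint64_t n;
    return nbytes_checked(type_size, ne, &n) ? n : 0;
}

/* Constructed inputs (not taken from any real GGUF file). Element size 4 = F32. */
static const uint64_t TYPE_SIZE_F32 = 4;
/* A 1024 x 1024 F32 matrix: 4 MiB, agreed on by both computations. */
static const uint64_t SANE_NE[MAX_DIMS]    = { 1024, 1024, 1, 1 };
/* Same matrix with a fourth dimension of 2^42 + 1. The true size is
 * 4 * 1024 * 1024 * (2^42 + 1) bytes, about 16 EiB; the unchecked formula
 * computes (2^42) * (4 MiB) = 2^64 for the last term, which wraps to 0,
 * and so reports only 4 MiB. */
static const uint64_t CRAFTED_NE[MAX_DIMS] = { 1024, 1024, 1, (1ULL << 42) + 1 };

int main(void) {
    uint64_t sz;
    printf("sane    unchecked=%llu checked=%s\n",
           (unsigned long long)nbytes_unchecked(TYPE_SIZE_F32, SANE_NE),
           nbytes_checked(TYPE_SIZE_F32, SANE_NE, &sz) ? "ok" : "rejected");
    printf("crafted unchecked=%llu checked=%s\n",
           (unsigned long long)nbytes_unchecked(TYPE_SIZE_F32, CRAFTED_NE),
           nbytes_checked(TYPE_SIZE_F32, CRAFTED_NE, &sz) ? "ok" : "rejected");
    return 0;
}
```

The point of the checked variant is not the specific builtins but that every intermediate product and sum is verified before it is trusted; a loader that only checks the final value against the file size, or only checks the product of the first two dimensions, still accepts the crafted shape.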

Affected Systems

The affected product is llama.cpp from ggml-org. Builds prior to release b7824 are vulnerable; b7824 and later contain the fix. Because ggml_nbytes lives in the ggml library that llama.cpp bundles, any downstream application that loads GGUF files through a vulnerable llama.cpp build is exposed as well.

Risk and Exploitability

The CVSS 3.1 base score of 7.8 (High) carries the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the attack vector is local and user interaction is required, which in practice means the application must be made to load an attacker-supplied GGUF file. The EPSS estimate is below 1% and the CVE is not in the KEV catalog, so there is no evidence of active exploitation at the time of writing; the SSVC assessment does, however, record a public proof of concept (Exploitation: poc) with total technical impact. Any deployment that loads model files from untrusted sources, for example a serving endpoint that accepts user-uploaded models or a pipeline that pulls community-published GGUF files, should treat the vulnerability as reachable. Because the result is a heap buffer overflow, successful exploitation yields code execution with the privileges of the process that loaded the file.

Generated by OpenCVE AI on March 24, 2026 at 03:37 UTC.

Remediation

The vendor fix is release b7824 of llama.cpp, as stated in the CVE description. No separate workaround has been published; restricting the sources of GGUF files is the only mitigation short of upgrading.

OpenCVE Recommended Actions

  • Upgrade to llama.cpp release b7824 or later, which contains the ggml_nbytes integer overflow fix, and rebuild any application that statically links the bundled ggml.
  • If upgrading is not immediately possible, load GGUF files only from trusted sources. Where untrusted models must be accepted, validate tensor metadata before the loader sees it: reject any tensor whose dimension product, multiplied by the element size, cannot be computed without overflow, and reject sizes that exceed the file's actual length.
  • Monitor for crashes of the loading process during model load (segmentation faults, allocator aborts, sanitizer reports), which are the most likely visible sign of an attempted or failed exploitation.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Ggml; Ggml llama.cpp

Type: Vendors & Products
Values Removed: (none)
Values Added: Ggml; Ggml llama.cpp

Tue, 24 Mar 2026 02:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix.

Type: Title
Values Removed: (none)
Values Added: llama.cpp has a Heap Buffer Overflow via Integer Overflow in GGUF Tensor Parsing

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-122; CWE-190

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-25T03:55:51.679Z

Reserved: 2026-03-18T18:55:47.427Z

Link: CVE-2026-33298

Vulnrichment

Updated: 2026-03-24T13:30:16.553Z

NVD

Status : Awaiting Analysis

Published: 2026-03-24T01:17:01.870

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-33298

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:40:45Z

Weaknesses