Impact
This vulnerability is a heap-based buffer overflow that occurs in the BINUNICODE opcode handler of the pickle .ckpt parser used by stable‑diffusion.cpp. The issue is caused by sign confusion on the opcode length field, which allows a crafted .ckpt file to trigger a memcpy with an excessively large length derived from a negative signed value, resulting in immediate heap corruption. Heap corruption can lead to denial of service or arbitrary code execution depending on the context of the execution and the privileges of the process handling the file. The weakness is mapped to CWE-122 and CWE-787.
Affected Systems
The affected product is stable‑diffusion.cpp, a pure C/C++ library for diffusion model inference. Versions prior to master‑584‑0a7ae07 are vulnerable. The vendor is leejet and the library is used for running models such as Stable Diffusion, Flux, Wan, Qwen Image, Z‑Image, and others.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. The EPSS score of <1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or remote file supply: an attacker who can place a crafted .ckpt file in a location that the application loads is able to trigger the overflow. Because the vulnerability occurs in memory handling code, privilege escalation or code execution is plausible if the process runs with elevated privileges or if the overflow modifies control data.
OpenCVE Enrichment