Impact
An out‑of‑bounds read flaw exists in the PyTorch checkpoint pickle parser of stable‑diffusion.cpp. The parser does not verify that sufficient data remains before advancing the parsing buffer, so a crafted or truncated .ckpt file can cause the library to read beyond the end of the metadata buffer. The resulting leak can expose internal memory contents and may also trigger a crash, producing a denial of service. The vulnerability is identified as CWE-125.
Affected Systems
Developers and operators integrating stable‑diffusion.cpp releases prior to master‑584‑0a7ae07 are affected if their applications load .ckpt files from untrusted sources such as model sharing sites. Any process that accepts external checkpoint files with this library is vulnerable.
Risk and Exploitability
The CVSS score of 5.5 places the issue in the moderate range, and the EPSS score of less than 1% indicates a very low exploit probability. The flaw is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is delivery of a malicious or truncated .ckpt file that is read during model loading. An attacker can supply such a file from a public model marketplace or by tampering with a legitimate download. Once parsed, the out‑of‑bounds read may leak sensitive data or crash the process.
OpenCVE Enrichment