Impact
A heap buffer overflow exists in the SHORT_BINUNICODE opcode handler of the PyTorch checkpoint parser in stable‑diffusion.cpp. The overflow is caused by sign confusion on the opcode length field, allowing a crafted .ckpt file to trigger memcpy with a very large length derived from a negative signed value, resulting in immediate heap corruption. This weakness can crash the process and, depending on the heap layout, may be leveraged for arbitrary code execution. The flaw corresponds to CWE‑122 and CWE‑787.
Affected Systems
All releases of the stable‑diffusion.cpp library prior to master‑584‑0a7ae07 are affected. Any application that uses this library to load PyTorch checkpoint files from an untrusted source is vulnerable, regardless of the diffusion model being run.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, but the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. The attack requires an adversary to supply a malicious .ckpt file to an application that loads it, which is a practical and readily achievable scenario for consumers downloading models from model sharing sites. Once a vulnerable application processes such a file, it may experience a crash or, if the heap state is favorable, could allow arbitrary code execution.
OpenCVE Enrichment