Impact
The vulnerability is a heap buffer overflow triggered by processing the GLOBAL opcode in PyTorch checkpoint (.ckpt) files in stable‑diffusion.cpp. When a crafted checkpoint file omits the expected newline delimiter, the parser interprets a negative length and overwrites heap memory. This flaw can lead to memory corruption and, in a suitable environment, arbitrary code execution or a denial of service. The weakness is a buffer overflow, corresponding to CWE‑787.
Affected Systems
Developers and users of the stable‑diffusion.cpp library before the commit master‑584‑0a7ae07 are affected. The library supports multiple diffusion models such as Stable Diffusion, Flux, Wan, Qwen Image, and Z‑Image. The vulnerability specifically impacts the checkpoint parser in src/model.cpp and applies to any application that loads .ckpt files from untrusted sources using this library.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, but the EPSS value of less than 1% suggests low likelihood of exploitation at present. The flaw is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a malicious .ckpt file that an application using stable‑diffusion.cpp will load, which is feasible if the model is obtained from an untrusted or compromised repository. Once the buffer overflow occurs, the attacker could potentially execute arbitrary code or crash the application.
OpenCVE Enrichment