CVE-2025-53630
HIGHllama.cpp - Heap-based Buffer Overflow in gguf_init_from_file_impl
Title source: llmDescription
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8
Scores
CVSS v4
8.9
EPSS
0.0032
EPSS Percentile
23.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-122
CWE-680
Status
published
Products (1)
ggml-org/llama.cpp
< 26a48ad699d50b6268900062661bd22f3e792579
Published
Jul 10, 2025
Tracked Since
Feb 18, 2026