Ollama Null Pointer Dereference Vulnerability in Multi-Modal Model Image Processing

Vulnerability

A null pointer dereference vulnerability has been identified in Ollama versions 0.11.5-rc0 through 0.13.5. This issue arises in the multi-modal model image processing feature, specifically when the application processes base64-encoded image data via the /api/chat endpoint. The vulnerability exists because the application does not validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code fails to check this return value before dereferencing the pointer in subsequent operations. As a result, a remote attacker can exploit this vulnerability by sending specially crafted base64 image data that decodes to invalid media, leading to a segmentation fault that crashes the runner process. This creates a denial-of-service condition, making the model unavailable to all users until the service is restarted.

Impact

Exploitation of this vulnerability causes a segmentation fault, crashing the runner process and creating a denial-of-service condition where the model becomes unavailable to all users until the service is restarted. This disruption is compounded by the fact that all concurrent requests for the model share the same runner, causing an immediate loss of service for all users interacting with that model.

Reproduction

To reproduce this vulnerability, first pull the 'minicpm-v' model. Then, start the Ollama server. After the server is running, send a POST request to the /api/chat endpoint with base64-encoded image data that is intentionally malformed. The server will crash, demonstrating the null pointer dereference vulnerability.

Remediation

Update the 'ollama/llama/llama.go' file to include a null check for the decoded media pointer before it is used. This can be done by modifying the code to abort the operation if the bitmap initialization fails, preventing the null pointer dereference.
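The following is an added example, not Ollama's code and not code from this advisory, showing the shape of the fix described above together with the input validation the Vulnerability section says was missing. It is written in Go because the affected file is ollama/llama/llama.go. The request's base64 image is first checked to be recognisable media, and the bitmap initialiser's result is still nil-checked afterwards, because a header check alone does not catch a payload whose header parses but whose body does not. `initBitmapFromBuf` and the `bitmap` type are hypothetical stand-ins for mtmd_helper_bitmap_init_from_buf and its handle; the sample payloads are constructed inside the block.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"image"
	"image/color"
	_ "image/gif" // register decoders so image.DecodeConfig recognises GIF and JPEG
	_ "image/jpeg"
	"image/png" // registers the PNG decoder and provides the encoder for sample input
)

// ErrInvalidMedia: base64 decoded cleanly but the bytes are not a recognised image.
var ErrInvalidMedia = errors.New("decoded data is not a valid image")

// ErrBitmapInit: the initialiser returned nil, so the request is aborted (the fix).
var ErrBitmapInit = errors.New("bitmap initialisation failed")

// bitmap is a hypothetical stand-in for the native bitmap handle (not an Ollama type).
type bitmap struct{ width, height int }

// initBitmapFromBuf is a hypothetical stand-in for mtmd_helper_bitmap_init_from_buf.
// Like the native helper, it returns nil for bytes it cannot decode.
func initBitmapFromBuf(buf []byte) *bitmap {
	img, _, err := image.Decode(bytes.NewReader(buf))
	if err != nil {
		return nil
	}
	b := img.Bounds()
	return &bitmap{width: b.Dx(), height: b.Dy()}
}

// validateImagePayload decodes the request's base64 image field and rejects it unless
// the bytes carry a recognised image header: the check the advisory says was missing.
func validateImagePayload(b64 string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("invalid base64: %w", err)
	}
	if _, _, err := image.DecodeConfig(bytes.NewReader(raw)); err != nil {
		return nil, ErrInvalidMedia
	}
	return raw, nil
}

// loadImageHardened is the patched shape: validate the payload, then still check the
// initialiser's result before touching it.
func loadImageHardened(b64 string) (*bitmap, error) {
	raw, err := validateImagePayload(b64)
	if err != nil {
		return nil, err
	}
	bm := initBitmapFromBuf(raw)
	if bm == nil { // the unpatched code went straight to the fields here: nil dereference
		return nil, ErrBitmapInit
	}
	return bm, nil
}

// samplePNGBase64 builds a valid 1x1 PNG (constructed sample input) and base64-encodes it.
func samplePNGBase64() string {
	img := image.NewRGBA(image.Rect(0, 0, 1, 1))
	img.Set(0, 0, color.RGBA{R: 255, A: 255})
	var buf bytes.Buffer
	if err := png.Encode(&buf, img); err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes())
}

// truncatedPNGBase64 keeps only the signature and IHDR chunk (33 bytes): the header
// check passes but full decoding fails, the case header validation alone cannot catch.
func truncatedPNGBase64() string {
	raw, _ := base64.StdEncoding.DecodeString(samplePNGBase64())
	return base64.StdEncoding.EncodeToString(raw[:33])
}

// notImageBase64 is well-formed base64 whose bytes are not an image at all.
func notImageBase64() string {
	return base64.StdEncoding.EncodeToString([]byte("this is not an image"))
}

func main() {
	for _, c := range []struct{ name, payload string }{
		{"valid png", samplePNGBase64()},
		{"bad base64", "!!!not-base64!!!"},
		{"not an image", notImageBase64()},
		{"truncated png", truncatedPNGBase64()},
	} {
		if bm, err := loadImageHardened(c.payload); err != nil {
			fmt.Printf("%-14s rejected: %v\n", c.name, err)
		} else {
			fmt.Printf("%-14s accepted: %dx%d\n", c.name, bm.width, bm.height)
		}
	}
}
```

The two layers are deliberately separate: the media check runs in Go before any native call and turns garbage into a clean 400-style rejection, while the nil check at the initialiser boundary is what actually removes the crash, since a payload can carry a valid header and still fail inside the native decoder. Dropping either layer leaves the runner exposed to one of the two cases the truncated sample exercises.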

Added: Jan 12, 2026, 11:21 PM
Updated: Jan 12, 2026, 11:21 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.