llama.cpp Integer Overflow Vulnerability in GGUF Parser Leading to Heap Out-of-Bounds Read/Write
Vulnerability
An integer overflow vulnerability has been identified in the GGUF parser of llama.cpp, specifically in the gguf_init_from_file_impl function within ggml/src/gguf.cpp. This vulnerability can lead to heap-based out-of-bounds read and write operations. The issue arises during the calculation of the cumulative size of tensor data, where improper handling of tensor offsets can create a scenario for memory corruption.
Impact
Exploitation of this vulnerability causes heap-based out-of-bounds read and write operations, leading to memory corruption.
Reproduction
The vulnerability can be reproduced by crafting a malicious GGUF model file that manipulates tensor metadata to cause an integer overflow in the size calculation. This crafted file can then be loaded using the llama.cpp application, which will trigger the out-of-bounds access and cause a segmentation fault.
Remediation
Users should update to version 26a48ad or later, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.