CVE-2025-53630

EUVD-2025-21070
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
ggml
forky
0.9.11-1
fixed
sid
0.9.11-1
fixed
llama.cpp
forky
8681+dfsg-1
fixed
sid
8681+dfsg-1
fixed
Common Weakness Enumeration
References
https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8