{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33298", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T18:55:47.427Z", "datePublished": "2026-03-24T00:01:40.989Z", "dateUpdated": "2026-03-25T03:55:51.679Z"}, "containers": {"cna": {"title": "llama.cpp has a Heap Buffer Overflow via Integer Overflow in GGUF Tensor Parsing", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-96jg-mvhq-q7q7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-96jg-mvhq-q7q7"}, {"name": "https://github.com/ggml-org/llama.cpp/releases/tag/b7824", "tags": ["x_refsource_MISC"], "url": "https://github.com/ggml-org/llama.cpp/releases/tag/b7824"}], "affected": [{"vendor": "ggml-org", "product": "llama.cpp", "versions": [{"version": "< b7824", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T00:01:40.989Z"}, "descriptions": [{"lang": "en", "value": "llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix."}], "source": {"advisory": "GHSA-96jg-mvhq-q7q7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-33298"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T03:55:51.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33298", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T13:30:06.212447Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T13:30:16.553Z"}}], "cna": {"title": "llama.cpp has a Heap Buffer Overflow via Integer Overflow in GGUF Tensor Parsing", "source": {"advisory": "GHSA-96jg-mvhq-q7q7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ggml-org", "product": "llama.cpp", "versions": [{"status": "affected", "version": "< b7824"}]}], "references": [{"url": "https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-96jg-mvhq-q7q7", "name": "https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-96jg-mvhq-q7q7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ggml-org/llama.cpp/releases/tag/b7824", "name": "https://github.com/ggml-org/llama.cpp/releases/tag/b7824", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T00:01:40.989Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33298", "state": "PUBLISHED", "dateUpdated": "2026-03-25T03:55:51.679Z", "dateReserved": "2026-03-18T18:55:47.427Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-24T00:01:40.989Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ggml:llama.cpp:*:*:*:*:*:*:*:*", "matchCriteriaId": "471181FC-F68E-43C2-AC26-06D790AEE75F", "versionEndExcluding": "b7824", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix."}, {"lang": "es", "value": "llama.cpp es una inferencia de varios modelos LLM en C/C++. Antes de b7824, una vulnerabilidad de desbordamiento de entero en la funci\u00f3n `ggml_nbytes` permite a un atacante eludir la validaci\u00f3n de memoria al crear un archivo GGUF con dimensiones de tensor espec\u00edficas. Esto hace que `ggml_nbytes` devuelva un tama\u00f1o significativamente menor al requerido (por ejemplo, 4MB en lugar de Exabytes), lo que lleva a un desbordamiento de b\u00fafer basado en mont\u00edculo cuando la aplicaci\u00f3n procesa posteriormente el tensor. Esta vulnerabilidad permite una posible ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de corrupci\u00f3n de memoria. b7824 contiene una correcci\u00f3n."}], "id": "CVE-2026-33298", "lastModified": "2026-04-30T17:01:02.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T01:17:01.870", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ggml-org/llama.cpp/releases/tag/b7824"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-96jg-mvhq-q7q7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,b7824)"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "llama.cpp", "source": "cna", "vendor": "ggml-org"}, "product": "llama.cpp", "vendor": "ggml"}], "analysis": {"en": {"generated_at": "2026-03-24T03:37:24.429612+00:00", "value": {"mitigation_remediation": ["Apply the latest llama.cpp release (b7824 or later) to incorporate the ggml_nbytes integer overflow patch.", "If upgrading is not immediately possible, limit the use of GGUF file imports to trusted sources and enforce file validation before processing.", "Monitor logs for signs of memory corruption or unusual service crashes that could indicate an attempted exploitation."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is llama.cpp from ggml-org. Versions released before the b7824 commit are vulnerable. The fix is included in release b7824 and later.", "description_and_impact": "The vulnerability in llama.cpp arises from an integer overflow in the ggml_nbytes function. By crafting a GGUF file with specific tensor dimensions, an attacker can cause the function to return a size that is dramatically smaller than the actual memory required, leading to a heap-based buffer overflow. This chain of events can corrupt the heap, enabling the attacker to execute arbitrary code. The weakness is a classic integer overflow (CWE-190) resulting in memory corruption (CWE-122).", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity. The lack of an EPSS score makes it difficult to gauge current exploitation probability, but the absence of a known exploit in the KEV catalog suggests limited active exploitation yet. Exploitation requires an attacker to supply a malicious GGUF file to the application, which may be feasible if the service parses untrusted files or receives files from network or local users. Because the vulnerability leads to a heap buffer overflow, exploitation can result in code execution with the privileges of the running process."}}}}, "created": "2026-03-24T10:29:39.890153+00:00", "updated": "2026-03-25T20:40:45.992955+00:00", "vendors": ["ggml", "ggml$PRODUCT$llama.cpp"]}