LLM Inference Software in C/C++ Fails to Validate Memory
CVE-2026-33298
Summary
A bug in llama.cpp, software that runs large language models, allows an attacker to trick it into computing a far smaller memory size than a tensor actually needs, potentially letting them run malicious code. This can happen if the software processes a specially crafted GGUF model file. To fix this issue, update to release b7824 or later.
Original title
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting ...
Original description
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix.
NVD CVSS 3.1 score
7.8
Vulnerability types
CWE-122: Heap-based Buffer Overflow
CWE-190: Integer Overflow or Wraparound
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026