CVE-2024-41130
CVSS 5.4 · MEDIUM
Summary
llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 5.4 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | LOW |
| Availability | LOW |
Weakness type (CWE)
Affected products
Ggml llama.cpp
References
- https://github.com/ggerganov/llama.cpp/commit/07283b1a90e1320aae4762c7e03c879043910252
- https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-49q7-2jmh-92fp
Data: NIST NVD. NVD last modified 2025-08-27. Always verify against the vendor advisory before acting.