Upstream information

CVE-2025-49847 at MITRE

Description

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp's vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp: llama_vocab::impl::token_to_piece() casts a very large size_t token length into an int32_t, causing the length check (if (length < (int32_t)size)) to be bypassed. As a result, memcpy is still called with that oversized size, letting a malicious model overwrite memory beyond the intended buffer. This can lead to arbitrary memory corruption and potential code execution. This issue has been patched in version b5662.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
  CNA (GitHub)
Base Score 8.8
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1244714 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • ggml-devel >= 5699-1.1
  • libggml >= 5699-1.1
  • libggml-base >= 5699-1.1
  • libggml-cpu >= 5699-1.1
  • libggml-opencl >= 5699-1.1
  • libggml-vulkan >= 5699-1.1
  • libllama >= 5699-1.1
  • libmtmd >= 5699-1.1
  • llamacpp >= 5699-1.1
  • llamacpp-devel >= 5699-1.1
 Patchnames:
openSUSE-Tumbleweed-2025-15245

SUSE Timeline for this CVE

CVE page created: Wed Jun 18 00:00:18 2025
CVE page last modified: Wed Jul 16 12:29:28 2025