Browse all 5 CVE security advisories affecting ggerganov. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ggerganov develops open-source audio processing tools, primarily focused on real-time voice communication applications. The project's codebase has historically been vulnerable to remote code execution flaws, often stemming from buffer overflows in audio parsing components. Cross-site scripting vulnerabilities have also been identified in web-based interfaces. Privilege escalation risks exist in certain implementations where improper permission checks allow unauthorized access to system resources. While no major public security incidents have been documented, the consistent presence of memory corruption vulnerabilities in audio processing modules suggests a need for rigorous input validation and secure coding practices across the project's ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-42479 | llama.cpp allows write-what-where in rpc_server::set_tensor | llama.cpp | CWE-123 | 10.0 | Critical | 2024-08-12 |
| CVE-2024-42478 | llama.cpp allows Arbitrary Address Read in rpc_server::get_tensor | llama.cpp | CWE-125 | 5.3 | Medium | 2024-08-12 |
| CVE-2024-42477 | llama.cpp global-buffer-overflow in ggml_type_size | llama.cpp | CWE-125 | 5.3 | Medium | 2024-08-12 |
| CVE-2024-41130 | llama.cpp null pointer dereference in gguf_init_from_file | llama.cpp | CWE-476 | 5.4 | Medium | 2024-07-22 |
| CVE-2024-32878 | Use of Uninitialized Variable Vulnerability in llama.cpp | llama.cpp | CWE-456 | 7.1 | High | 2024-04-26 |

This page lists every published CVE security advisory associated with ggerganov. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.