Browse all 5 CVE security advisories affecting llama.cpp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Llama.cpp serves as an open-source inference engine for running large language models locally on consumer hardware. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily stemming from improper input validation and memory management issues. The project maintains a moderate security posture with five CVEs recorded to date, addressing issues like buffer overflows and unsafe deserialization. While no major security incidents have been widely reported, the project's C implementation and community-driven development require ongoing vigilance against memory corruption flaws and unsafe handling of untrusted model inputs.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-21825 | llama.cpp input validation error vulnerability — llama.cpp CWE-190 | 8.8 | High | 2024-02-26 |
| CVE-2024-21802 | llama.cpp security vulnerability — llama.cpp CWE-122 | 8.8 | High | 2024-02-26 |
| CVE-2024-23496 | llama.cpp input validation error vulnerability — llama.cpp CWE-190 | 8.8 | High | 2024-02-26 |
| CVE-2024-21836 | llama.cpp input validation error vulnerability — llama.cpp CWE-190 | 8.8 | High | 2024-02-26 |
| CVE-2024-23605 | llama.cpp input validation error vulnerability — llama.cpp CWE-190 | 8.8 | High | 2024-02-26 |
This page lists every published CVE security advisory associated with llama.cpp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.