# CVE-2026-27940.yaml
info:
  name: llama-cpp
  cve: CVE-2026-27940
  summary: llama.cpp integer overflow in mem_size calculation leads to heap buffer overflow and arbitrary code execution via malicious GGUF file
  details: >-
    llama.cpp is a C/C++ inference engine for LLM models. Prior to build
    b8146, gguf_init_from_file_impl() in gguf.cpp contains an integer
    overflow vulnerability in the mem_size calculation. While CVE-2025-53630
    added an overflow check on the per-addition accumulation of ctx->size,
    the final mem_size computation, (n_tensors + 1) * ggml_tensor_overhead()
    + ctx->size, was not guarded. When ctx->size is near SIZE_MAX
    (achievable via two large I8 tensors whose per-addition sizes pass the
    CVE-2025-53630 check), the final addition wraps around to a small value,
    resulting in an undersized heap allocation. The subsequent fread()
    writes 528 or more bytes of attacker-controlled data past the buffer
    boundary. By tuning the wrapped allocation size to fall within glibc
    tcache range, this escalates to full arbitrary code execution via
    system("/bin/sh"). The attack vector is local (AV:L); exploitation
    requires a user to load a malicious GGUF model file. This is a bypass
    of the CVE-2025-53630 fix in the same function. No public PoC is known;
    exploit maturity is LOW.
  cvss: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  severity: HIGH
  security_advise: >-
    Upgrade llama.cpp to build b8146 or later. The fix adds an overflow
    guard to the mem_size calculation in gguf_init_from_file_impl() to
    prevent integer wrap-around when ctx->size is near SIZE_MAX. Avoid
    loading GGUF model files from untrusted sources.
  references:
    - https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-3p4r-fq3f-q74v
    - https://nvd.nist.gov/vuln/detail/CVE-2026-27940
rule: version < "b8146"