Bug 2450575 (CVE-2026-33298)

Summary: CVE-2026-33298 llama.cpp: llama.cpp: Remote Code Execution vulnerability due to integer overflow in GGUF file processing
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in llama.cpp. A remote attacker could exploit an integer overflow vulnerability in the `ggml_nbytes` function by crafting a malicious GGUF (GGML Universal Format) file with specific tensor dimensions. This flaw causes the `ggml_nbytes` function to return an incorrect size, leading to a heap-based buffer overflow when the application processes the tensor. Successful exploitation could result in remote code execution through memory corruption.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2450676, 2450677, 2450678    
Bug Blocks:    

Description OSIDB Bzimport 2026-03-24 01:02:26 UTC 
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a significantly smaller size than required (e.g., 4MB instead of Exabytes), leading to a heap-based buffer overflow when the application subsequently processes the tensor. This vulnerability allows potential Remote Code Execution (RCE) via memory corruption. b7824 contains a fix.