CVE-2025-15514

Source
https://cve.org/CVERecord?id=CVE-2025-15514
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15514.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-15514
Downstream
Published
2026-01-12T23:15:51.957Z
Modified
2026-03-15T21:45:19.904360Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Ollama 0.11.5-rc0 through the current version 0.13.5 contains a null pointer dereference in the multi-modal model image processing path. When processing base64-encoded image data sent via the /api/chat endpoint, the application does not validate that the decoded bytes are valid media before passing them to the mtmd_helper_bitmap_init_from_buf function. That function returns NULL for malformed input, but the calling code does not check the return value before dereferencing the pointer in subsequent operations. A remote, unauthenticated attacker can exploit this by sending crafted base64 image data that decodes to invalid media, causing a segmentation fault that crashes the runner process. The result is a denial of service: the model becomes unavailable to all users until the service is restarted.
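The pattern described above, as an added example that is not code from Ollama or llama.cpp: a toy image decoder with the same NULL-on-failure contract as mtmd_helper_bitmap_init_from_buf, the unchecked caller that crashes on the attacker's input, and the checked caller that turns the same input into an error. The names bitmap_init_from_buf, process_image_vulnerable, process_image_checked, handle_chat_image and b64_decode are hypothetical stand-ins, and the sample base64 inputs are constructed for the example; the toy decoder only checks PNG/JPEG magic bytes rather than decoding pixels.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy bitmap type; stand-in for the decoder's output (hypothetical). */
typedef struct { uint32_t nx, ny; unsigned char *data; } bitmap_t;

/* Stand-in for mtmd_helper_bitmap_init_from_buf: returns NULL when the buffer
 * is not recognised as media. Here "recognised" means PNG or JPEG magic bytes;
 * the real decoder does far more, but shares the NULL-on-failure contract. */
static bitmap_t *bitmap_init_from_buf(const unsigned char *buf, size_t len) {
    static const unsigned char png_magic[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};
    static const unsigned char jpg_magic[3] = {0xff, 0xd8, 0xff};
    if (buf == NULL) return NULL;
    if (!((len >= 8 && memcmp(buf, png_magic, 8) == 0) ||
          (len >= 3 && memcmp(buf, jpg_magic, 3) == 0)))
        return NULL;                      /* malformed input: the CVE path */
    bitmap_t *bm = calloc(1, sizeof *bm);
    if (bm == NULL) return NULL;
    bm->nx = 1; bm->ny = 1;               /* toy: no real pixel decoding */
    bm->data = calloc(3, 1);
    if (bm->data == NULL) { free(bm); return NULL; }
    return bm;
}

static void bitmap_free(bitmap_t *bm) { if (bm) { free(bm->data); free(bm); } }

/* Vulnerable pattern: the NULL return is never checked, so attacker-controlled
 * bytes that are not an image dereference NULL and SIGSEGV the runner. */
static uint32_t process_image_vulnerable(const unsigned char *buf, size_t len) {
    bitmap_t *bm = bitmap_init_from_buf(buf, len);
    uint32_t px = bm->nx * bm->ny;        /* crashes when bm == NULL */
    bitmap_free(bm);
    return px;
}

/* Hardened pattern: check the return value and report an error instead. */
static int process_image_checked(const unsigned char *buf, size_t len, uint32_t *px_out) {
    bitmap_t *bm = bitmap_init_from_buf(buf, len);
    if (bm == NULL) return -1;            /* caller maps this to a 4xx; runner stays up */
    *px_out = bm->nx * bm->ny;
    bitmap_free(bm);
    return 0;
}

static int b64_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Minimal standard base64 decoder ('=' padding). Returns byte count or -1. */
static long b64_decode(const char *in, unsigned char *out, size_t out_cap) {
    size_t n = strlen(in), o = 0;
    uint32_t acc = 0;
    int bits = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '=') break;
        int v = b64_val((unsigned char)in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (o >= out_cap) return -1;
            out[o++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (long)o;
}

/* Simulates the /api/chat image field: decode base64, then hand the bytes to
 * the checked decoder. Returns 0 on success, -1 for bad base64, -2 for bytes
 * that decode fine but are not valid media (the CVE-2025-15514 input class). */
static int handle_chat_image(const char *b64, uint32_t *px_out) {
    unsigned char buf[4096];
    long len = b64_decode(b64, buf, sizeof buf);
    if (len < 0) return -1;
    if (process_image_checked(buf, (size_t)len, px_out) != 0) return -2;
    return 0;
}

int main(void) {
    uint32_t px = 0;
    /* Constructed inputs: base64 of the PNG signature, and base64 of "hello". */
    printf("png header  -> %d\n", handle_chat_image("iVBORw0KGgo=", &px));
    printf("\"hello\"     -> %d\n", handle_chat_image("aGVsbG8=", &px));
    /* process_image_vulnerable on the "hello" bytes would segfault; not run here. */
    (void)process_image_vulnerable;
    return 0;
}
```

The fix is the single NULL check in process_image_checked; everything upstream of it (base64 decoding, request parsing) can succeed on attacker input, so the check has to sit at the decoder's return value, not only at the transport layer.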

References

Affected packages

Git / github.com/ollama/ollama

Affected ranges

Type
GIT
Repo
https://github.com/ollama/ollama
Events
Eight ranges, matching the eight version ranges below. The first (0.11.6 to 0.13.5) renders no introduced or last-affected commit; the remaining seven are introduced at commit 0 (unknown introduced commit / all previous commits are affected) and render no last-affected commit.
Database specific
{
    "versions": [
        {
            "introduced": "0.11.6"
        },
        {
            "last_affected": "0.13.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.5-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.5-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.5-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.5-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.5-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.5-rc4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.5-rc5"
        }
    ]
}

Affected versions

v0.11.10
v0.11.11
v0.11.11-rc0
v0.11.11-rc1
v0.11.11-rc2
v0.11.11-rc3
v0.11.6
v0.11.6-rc0
v0.11.7
v0.11.7-rc0
v0.11.7-rc1
v0.11.8
v0.11.8-rc0
v0.11.9
v0.11.9-rc0
v0.12.0
v0.12.0-rc0
v0.12.0-rc1
v0.12.1
v0.12.1-rc0
v0.12.1-rc1
v0.12.1-rc2
v0.12.10
v0.12.10-rc0
v0.12.10-rc1
v0.12.11
v0.12.11-rc0
v0.12.11-rc1
v0.12.2
v0.12.2-rc0
v0.12.3
v0.12.4
v0.12.4-rc0
v0.12.4-rc1
v0.12.4-rc2
v0.12.4-rc3
v0.12.4-rc4
v0.12.4-rc5
v0.12.4-rc6
v0.12.4-rc7
v0.12.5
v0.12.5-rc0
v0.12.6
v0.12.6-rc0
v0.12.6-rc1
v0.12.7
v0.12.7-rc0
v0.12.7-rc1
v0.12.8
v0.12.8-rc0
v0.12.9
v0.12.9-rc0
v0.13.0
v0.13.0-rc0
v0.13.1
v0.13.1-rc0
v0.13.1-rc1
v0.13.1-rc2
v0.13.2
v0.13.2-rc0
v0.13.2-rc1
v0.13.2-rc2
v0.13.3
v0.13.3-rc0
v0.13.3-rc1
v0.13.4
v0.13.4-rc0
v0.13.4-rc1
v0.13.4-rc2
v0.13.5
v0.13.5-rc0
v0.13.5-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15514.json"