llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the ggufinitfromfileimpl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-122",
"CWE-680"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "26a48ad699d50b6268900062661bd22f3e792579"
}
],
"source": "AFFECTED_FIELD"
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53630.json"
}"2026-07-13T21:10:21Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53630.json"
[
{
"signature_type": "Function",
"target": {
"file": "ggml/src/gguf.cpp",
"function": "gguf_init_from_file_impl"
},
"deprecated": false,
"digest": {
"length": 11142.0,
"function_hash": "233495218054131791824757594236930240489"
},
"id": "CVE-2025-53630-827d3fe7",
"source": "https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "ggml/src/gguf.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"132866023492218182676539104264454782445",
"38103041541630836283916692900154892350",
"132266536879057283469325283026721742444",
"278956421764174210838535740291037035427"
],
"threshold": 0.9
},
"id": "CVE-2025-53630-a6d51fe9",
"source": "https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579",
"signature_version": "v1"
}
]