CVSS 3.1 Score 8.8 of 10 (high)


Published Feb 26, 2024
CWE ID 190


CVE-2024-23496 is a heap-based buffer overflow vulnerability in the gguf_fread_str functionality of the GGUF library in llama.cpp, commit 18c2e17. A specially crafted .gguf file can trigger the overflow, potentially leading to code execution. The affected product is the GGUF library. To remediate this vulnerability, update to a version that includes the fix for this issue. The vulnerability poses a high risk to organizations because it can be exploited remotely and does not require any privileges or user interaction. It has a high impact on both integrity and confidentiality, making it a significant threat.
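The CWE-190 classification together with a heap overflow points at a length field that reaches allocation-size arithmetic unchecked. The following is an added illustration, not code from llama.cpp or from this advisory, of a length-prefixed string reader that rejects a hostile length before allocating. The function name, the 1 MiB cap, the uint64-length-then-bytes layout and the sample buffers are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STR_LEN (1u << 20) /* assumed policy cap, not taken from the page */

/* Constructed samples: a valid "hello", a length of 2^64-1, a truncated body. */
static const uint8_t sample_ok[]    = {5,0,0,0,0,0,0,0,'h','e','l','l','o'};
static const uint8_t sample_wrap[]  = {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,'A','B'};
static const uint8_t sample_short[] = {5,0,0,0,0,0,0,0,'h','e','l'};

/* Hypothetical helper: parse a little-endian uint64 length followed by that
 * many bytes, starting at *off. Returns a malloc'd NUL-terminated copy and
 * advances *off, or returns NULL (leaving *off unchanged) on malformed input. */
char *read_len_prefixed_str(const uint8_t *buf, size_t buf_len, size_t *off)
{
    uint64_t n = 0;
    if (*off > buf_len || buf_len - *off < 8)
        return NULL;                      /* no room for the length field */
    for (int i = 0; i < 8; i++)
        n |= (uint64_t)buf[*off + i] << (8 * i);
    size_t pos = *off + 8;

    /* Validate n before it enters any size arithmetic: with n == UINT64_MAX,
     * n + 1 wraps to 0, the allocation is tiny, and the copy overruns it. */
    if (n > MAX_STR_LEN || n > buf_len - pos)
        return NULL;

    char *s = malloc((size_t)n + 1);      /* cannot wrap: n <= MAX_STR_LEN */
    if (s == NULL)
        return NULL;
    memcpy(s, buf + pos, (size_t)n);
    s[n] = '\0';
    *off = pos + (size_t)n;
    return s;
}

int main(void)
{
    size_t off = 0;
    char *s = read_len_prefixed_str(sample_ok, sizeof sample_ok, &off);
    printf("ok: %s\n", s ? s : "(rejected)");
    free(s);
    off = 0;
    s = read_len_prefixed_str(sample_wrap, sizeof sample_wrap, &off);
    printf("wrap: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```

The same two checks (an upper bound on the declared length, and a comparison against the bytes actually remaining in the input) are what to look for when reviewing any parser of untrusted model files.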
