
Bug#1108113: marked as done (llama.cpp: CVE-2025-49847)



Your message dated Fri, 20 Jun 2025 20:34:44 +0000
with message-id <E1uSiRg-00AHgZ-VJ@fasolo.debian.org>
and subject line Bug#1108113: fixed in llama.cpp 5713+dfsg-1
has caused the Debian Bug report #1108113,
regarding llama.cpp: CVE-2025-49847
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1108113: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108113
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: llama.cpp
Version: 5318+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for llama.cpp.

CVE-2025-49847[0]:
| llama.cpp is an inference of several LLM models in C/C++. Prior to
| version b5662, an attacker‐supplied GGUF model vocabulary can
| trigger a buffer overflow in llama.cpp’s vocabulary‐loading code.
| Specifically, the helper _try_copy in llama.cpp/src/vocab.cpp:
| llama_vocab::impl::token_to_piece() casts a very large size_t token
| length into an int32_t, causing the length check (if (length <
| (int32_t)size)) to be bypassed. As a result, memcpy is still called
| with that oversized size, letting a malicious model overwrite memory
| beyond the intended buffer. This can lead to arbitrary memory
| corruption and potential code execution. This issue has been patched
| in version b5662.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-49847
    https://www.cve.org/CVERecord?id=CVE-2025-49847
[1] https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8wwf-w4qm-gpqr
[2] https://github.com/ggml-org/llama.cpp/commit/3cfbbdb44e08fd19429fed6cc85b982a91f0efd5

Regards,
Salvatore

--- End Message ---
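The length-check bypass described in the CVE text above, reduced to the comparison itself. This is an added example, not llama.cpp's code and not the upstream patch; the function names and buffer sizes are hypothetical, and the hardened check is one possible way to close the gap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Check as quoted in the advisory: if (length < (int32_t)size) -> reject.
 * Returns 1 when the copy is rejected, 0 when it is allowed to proceed.
 * Converting an out-of-range size_t to int32_t is implementation-defined;
 * GCC, Clang and MSVC wrap, so a size >= 2^31 becomes negative here. */
static int rejects_as_described(int32_t length, size_t size) {
    return length < (int32_t)size;
}

/* Hardened form (assumption, not the upstream fix): bound size first,
 * then compare in the unsigned domain so no narrowing cast is involved. */
static int rejects_hardened(int32_t length, size_t size) {
    if (length < 0) return 1;
    if (size > (size_t)INT32_MAX) return 1;
    return (size_t)length < size;
}

/* Copies a token piece into buf (capacity `length`) only when it fits.
 * Returns the number of bytes copied, or -1 when the piece is rejected. */
static int32_t copy_piece(char *buf, int32_t length,
                          const char *token, size_t size) {
    if (rejects_hardened(length, size)) return -1;
    memcpy(buf, token, size);
    return (int32_t)size;
}

int main(void) {
    /* Constructed sample value: a token length of 2^31 claimed by a model. */
    size_t huge = (size_t)0x80000000u;
    char buf[16];

    printf("as described, size=2^31: rejected=%d\n",
           rejects_as_described((int32_t)sizeof buf, huge));
    printf("hardened,     size=2^31: rejected=%d\n",
           rejects_hardened((int32_t)sizeof buf, huge));
    printf("hardened copy of 5 bytes: %d\n",
           (int)copy_piece(buf, (int32_t)sizeof buf, "hello", 5));
    return 0;
}
```
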
--- Begin Message ---
Source: llama.cpp
Source-Version: 5713+dfsg-1
Done: Christian Kastner <ckk@debian.org>

We believe that the bug you reported is fixed in the latest version of
llama.cpp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1108113@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Kastner <ckk@debian.org> (supplier of updated llama.cpp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jun 2025 21:00:33 +0200
Source: llama.cpp
Architecture: source
Version: 5713+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Deep Learning Team <debian-ai@lists.debian.org>
Changed-By: Christian Kastner <ckk@debian.org>
Closes: 1108113
Changes:
 llama.cpp (5713+dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #1108113)
     - Includes a fix for CVE-2025-49847
   * Refresh patches
   * Update d/copyright
   * Document ggml/llama.cpp/whisper.cpp update procedure
   * Install the new mtmd headers

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
