GGML GGUF File Format Vulnerabilities
Simon Willison's Weblog simonwillison.net
The GGML and GGUF formats are used by llama.cpp to package and distribute model weights.
Neil Archibald: "The GGML library performs insufficient validation on the input file and, therefore, contains a selection of potentially exploitable memory corruption vulnerabilities during parsing."
These vulnerabilities were shared with the library authors on 23rd January and patches landed on the 29th.
If you have a llama.cpp or llama-cpp-python installation that's more than a month old you should upgrade ASAP.