{"data":{"id":"1e8fb746-0113-4365-a037-8e62ebedcf1d","title":"CVE-2026-47748: stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Ima","summary":"stable-diffusion.cpp is a C/C++ library for running image generation models, but versions before master-584-0a7ae07 have an out-of-bounds reads error (a bug where the program accesses memory beyond its allocated space) when parsing .ckpt checkpoint files (model weight files saved in a specific format). A specially crafted or incomplete .ckpt file could crash the program or cause security issues if loaded from an untrusted source like a public model-sharing website.","solution":"Update to version master-584-0a7ae07 or later. If immediate updating is not possible, avoid loading .ckpt files from untrusted sources and use safer formats such as .safetensors instead.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47748","publishedAt":"2026-06-16T19:16:55.720Z","cveId":"CVE-2026-47748","cweIds":["CWE-125"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Stability AI"],"affectedVendorsRaw":["Stability AI","stable-diffusion.cpp"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-16T19:16:55.720Z","capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}