{"data":{"id":"69538623-8a2c-4ffb-b596-a771d17638e3","title":"CVE-2026-47749: stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Ima","summary":"stable-diffusion.cpp, a C/C++ library for running AI image generation models, has a heap buffer overflow vulnerability (a memory corruption bug in which data is written past the end of a heap allocation) in its parser for PyTorch checkpoint (.ckpt) files. If an application using a vulnerable version (before master-584-0a7ae07) loads a malicious checkpoint file, the application could crash, or the file could potentially cause harmful code to run in the loading application.","solution":"Update to version master-584-0a7ae07 or later. If an immediate update is not possible, as a temporary workaround avoid loading .ckpt files from untrusted sources; obtain models only from trusted sources, or use safer formats such as .safetensors instead.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47749","publishedAt":"2026-06-16T19:16:55.867Z","cveId":"CVE-2026-47749","cweIds":["CWE-122","CWE-787"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["model_theft"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Stability AI"],"affectedVendorsRaw":["Stability AI","stable-diffusion.cpp"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-16T19:16:55.867Z","capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}