CVE-2024-12055: A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be u
Summary
CVE-2024-12055 is a vulnerability in Ollama versions 0.3.14 and earlier that allows an attacker to upload a malicious gguf model file (a type of AI model format), which causes the server to crash when processing it. This is a Denial of Service attack (making a service unavailable), and the underlying issue is an out-of-bounds read (attempting to access memory locations that are outside the intended range) in the gguf.go file.
Vulnerability Details
7.5(high)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-12055
First tracked: February 15, 2026 at 08:44 PM
Classified by LLM (prompt v3) · confidence: 92%