{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-52566","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-06-18T03:55:52.036Z","datePublished":"2025-06-24T03:21:19.009Z","dateUpdated":"2025-06-24T21:49:53.200Z"},"containers":{"cna":{"title":"llama.cpp tokenizer signed vs. unsigned heap overflow","problemTypes":[{"descriptions":[{"cweId":"CWE-119","lang":"en","description":"CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-195","lang":"en","description":"CWE-195: Signed to Unsigned Conversion Error","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xx","tags":["x_refsource_CONFIRM"],"url":"https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xx"},{"name":"https://github.com/ggml-org/llama.cpp/commit/dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70af","tags":["x_refsource_MISC"],"url":"https://github.com/ggml-org/llama.cpp/commit/dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70af"}],"affected":[{"vendor":"ggml-org","product":"llama.cpp","versions":[{"version":"< b5721","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-06-24T03:21:19.009Z"},"descriptions":[{"lang":"en","value":"llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing heap-overflowing llama.cpp inferencing engine with carefully manipulated text input during tokenization process. This issue has been patched in version b5721."}],"source":{"advisory":"GHSA-7rxv-5jhh-j6xx","discovery":"UNKNOWN"}},"adp":[{"references":[{"url":"https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xx","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-24T21:49:17.452816Z","id":"CVE-2025-52566","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-24T21:49:53.200Z"}}]}}