{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:47:27.241","vulnerabilities":[{"cve":{"id":"CVE-2025-52566","sourceIdentifier":"security-advisories@github.com","published":"2025-06-24T04:15:46.967","lastModified":"2025-08-27T14:01:31.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. Allowing heap-overflowing llama.cpp inferencing engine with carefully manipulated text input during tokenization process. This issue has been patched in version b5721."},{"lang":"es","value":"llama.cpp es una inferencia de varios modelos LLM en C/C++. Antes de la versión b5721, se producía un desbordamiento de enteros con signo y sin signo en la implementación del tokenizador de llama.cpp (llama_vocab::tokenize) (src/llama-vocab.cpp:3036), lo que provocaba un comportamiento no deseado al comparar el tamaño de copia de tokens. Esto permitía el desbordamiento del montón del motor de inferencia de llama.cpp con una entrada de texto cuidadosamente manipulada durante el proceso de tokenización. Este problema se ha corregido en la versión b5721."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-195"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ggml:llama.cpp:*:*:*:*:*:*:*:*","versionEndExcluding":"b5721","matchCriteriaId":"DC465FEB-FFD7-42D5-8D81-F416C28985BD"}]}]}],"references":[{"url":"https://github.com/ggml-org/llama.cpp/commit/dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70af","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xx","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-7rxv-5jhh-j6xx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}