PatchSiren cyber security CVE debrief
CVE-2026-47747 leejet CVE debrief
CVE-2026-47747 is a high-severity vulnerability in stable-diffusion.cpp, a C/C++ library for running diffusion models. The vulnerability is caused by a heap buffer overflow in the pickle .ckpt parser in src/model.cpp, specifically in the BINUNICODE opcode handler. This issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. The issue has been resolved in version master-584-0a7ae07.
- Vendor
- leejet
- Product
- stable-diffusion.cpp
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Developers using the stable-diffusion.cpp library, especially those loading .ckpt checkpoint files from untrusted sources, should be aware of this vulnerability.
Technical summary
The vulnerability is a heap buffer overflow (CWE-122, CWE-787) in the pickle .ckpt parser in src/model.cpp. It occurs when handling the BINUNICODE opcode, where sign confusion on the opcode length field allows a crafted .ckpt file to trigger memcpy with a very large length, leading to heap corruption.
Defensive priority
High
Recommended defensive actions
- Update to version master-584-0a7ae07 or later.
- Only load .ckpt checkpoint files from trusted sources.
- Prefer safer formats such as .safetensors where possible.
Evidence notes
The CVE-2026-47747 vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. The vulnerability was published on 2026-06-16T20:16:44.163Z and modified on 2026-06-16T20:44:11.730Z.
Official resources
CVE-2026-47747 was published on 2026-06-16T20:16:44.163Z and modified on 2026-06-16T20:44:11.730Z.