PatchSiren cyber security CVE debrief
CVE-2025-15514 Ollama CVE debrief
CVE-2025-15514 is a high-severity null pointer dereference vulnerability in Ollama's multi-modal model image processing functionality. A remote attacker can send specially crafted base64 image data that causes a segmentation fault and crashes the runner process, resulting in a denial of service condition. This issue affects Ollama versions from 0.11.5-rc0 to 0.13.5. The vulnerability has a CVSS score of 8.7 and is considered HIGH severity. The CVE was published on January 12, 2026, and last modified on June 30, 2026.
- Vendor: Ollama
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-12
- Original CVE updated: 2026-06-30
- Advisory published: 2026-01-12
- Advisory updated: 2026-06-30
Who should care
Organizations using Ollama versions between 0.11.5-rc0 and 0.13.5 should prioritize patching this vulnerability to prevent potential denial of service attacks. Additionally, security teams and administrators responsible for maintaining Ollama installations should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability exists in the multi-modal model image processing functionality of Ollama, specifically in the handling of base64-encoded image data via the /api/chat endpoint. The application fails to validate the decoded data before passing it to the mtmd_helper_bitmap_init_from_buf function, which can return NULL for malformed input. The code does not check this return value before dereferencing the pointer, leading to a null pointer dereference and a segmentation fault. This results in a denial of service condition, making the model unavailable to all users until the service is restarted.
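The missing check described above, as an added C example that is not Ollama's or llama.cpp's code: `decode_image` is a hypothetical stand-in for a decoder that returns NULL on malformed input, `image_dimensions` is a hypothetical caller, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a decoder that returns NULL on malformed input. */
typedef struct { unsigned width, height; } bitmap_t;

static unsigned be32(const unsigned char *p) {
    return (unsigned)p[0] << 24 | (unsigned)p[1] << 16 | (unsigned)p[2] << 8 | p[3];
}

static bitmap_t *decode_image(const unsigned char *buf, size_t len) {
    static const unsigned char magic[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n'};
    /* PNG signature (8) + IHDR length/type (8) + width/height (8) = 24 bytes. */
    if (buf == NULL || len < 24 || memcmp(buf, magic, 8) != 0)
        return NULL;
    bitmap_t *bm = malloc(sizeof *bm);
    if (bm == NULL)
        return NULL;
    bm->width = be32(buf + 16);
    bm->height = be32(buf + 20);
    return bm;
}

/* Unchecked pattern, for contrast only (not compiled):
 *     bitmap_t *bm = decode_image(buf, len);
 *     unsigned w = bm->width;   // NULL dereference when decoding failed */

/* Checked pattern: a failed decode becomes an error code for this one request. */
int image_dimensions(const unsigned char *buf, size_t len, unsigned *w, unsigned *h) {
    bitmap_t *bm = decode_image(buf, len);
    if (bm == NULL)
        return -1;
    *w = bm->width;
    *h = bm->height;
    free(bm);
    return 0;
}

/* Constructed sample inputs: a minimal PNG header (2x3) and non-image bytes. */
const unsigned char sample_png[24] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 2, 0, 0, 0, 3};
const unsigned char sample_bad[] = "not an image";

int main(void) {
    unsigned w = 0, h = 0;
    /* Exit status 0 means the malformed buffer was rejected cleanly. */
    return image_dimensions(sample_bad, sizeof sample_bad - 1, &w, &h) == -1 ? 0 : 1;
}
```

The caller that receives -1 can answer the single request with an error while the process keeps serving other users.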
Defensive priority
High priority should be given to patching this vulnerability, as it can be exploited remotely and results in a denial of service condition. Administrators should update Ollama to a version that fixes this issue as soon as possible.
Recommended defensive actions
- Update Ollama to a version that fixes the null pointer dereference vulnerability.
- Implement input validation and sanitization for base64-encoded image data.
- Monitor Ollama installations for potential exploitation attempts.
- Review and update incident response plans to address potential denial of service attacks.
- Consider implementing compensating controls, such as web application firewalls, to detect and prevent malicious traffic.
Evidence notes
The CVE-2025-15514 vulnerability was published on January 12, 2026, and last modified on June 30, 2026. The vulnerability affects Ollama versions from 0.11.5-rc0 to 0.13.5. The CVSS score is 8.7, indicating high severity. The vulnerability allows remote attackers to exploit the application, causing a denial of service condition.
Official resources
- CVE-2025-15514 CVE record: CVE.org
- CVE-2025-15514 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: [email protected] - Product
- Mitigation or vendor reference: [email protected] - Exploit, Patch, Third Party Advisory
- Source reference: [email protected] - Product
- Mitigation or vendor reference: [email protected] - Third Party Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.