HIGH
Ollama
CVE published 2026-05-04
CVE-2026-7482
CVE-2026-7482 is a heap out-of-bounds read in Ollama’s GGUF model loader that affects versions before 0.17.1. According to the CVE description and NVD record, a malicious GGUF file can declare tensor offsets and sizes that exceed the file’s actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), Ollama can read past the allocated heap buffer. The result is information [truncated]
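
The kind of bounds check this description implies, as an added Go example (not Ollama's code and not taken from its fix): each tensor's declared offset and size is validated against the real file length before anything is read. `TensorInfo`, `ValidateTensors`, `ErrTensorBounds` and the sample values are hypothetical, and offsets are assumed to be relative to the start of the tensor data region.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// TensorInfo is a hypothetical stand-in for a parsed GGUF tensor descriptor;
// it is not Ollama's own type.
type TensorInfo struct {
	Name   string
	Offset uint64 // declared offset (assumed relative to the tensor data region)
	Size   uint64 // declared size in bytes
}

// ErrTensorBounds marks a descriptor that points outside the file.
var ErrTensorBounds = errors.New("tensor extends past end of file")

// ValidateTensors rejects any descriptor whose [Offset, Offset+Size) range
// does not fit between dataStart and fileLen (the size reported by the OS,
// never a length taken from the file's own header).
func ValidateTensors(tensors []TensorInfo, dataStart, fileLen uint64) error {
	if dataStart > fileLen {
		return fmt.Errorf("data region starts at %d, file is %d bytes: %w",
			dataStart, fileLen, ErrTensorBounds)
	}
	avail := fileLen - dataStart
	for _, t := range tensors {
		// Compare by subtraction so Offset+Size cannot wrap around uint64.
		if t.Offset > avail || t.Size > avail-t.Offset {
			return fmt.Errorf("tensor %q (offset %d, size %d, %d bytes available): %w",
				t.Name, t.Offset, t.Size, avail, ErrTensorBounds)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a 4096-byte file whose tensor data starts at byte 1024.
	const fileLen, dataStart = 4096, 1024
	samples := []TensorInfo{
		{"ok.weight", 0, 3072},                   // ends exactly at EOF
		{"past_eof.weight", 2048, 2048},          // ends 1024 bytes past EOF
		{"wraps.weight", 16, math.MaxUint64 - 8}, // Offset+Size overflows
	}
	for _, s := range samples {
		fmt.Printf("%-16s %v\n", s.Name, ValidateTensors([]TensorInfo{s}, dataStart, fileLen))
	}
}
```

The third sample is the case a naive `Offset+Size > fileLen` comparison misses, because the sum wraps to a small number.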