CVE-2025-49847 | ggml-org llama.cpp llama.cpp/src/vocab.cpp token_to_piece memory corruption (GHSA-8wwf-w4qm-gpqr)

A vulnerability was found in ggml-org llama.cpp. It has been classified as critical. Affected is the function llama_vocab::impl::token_to_piece of the file llama.cpp/src/vocab.cpp. The manipulation leads to memory corruption.

This vulnerability is traded as CVE-2025-49847. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More