CVE-2025-66960

← CVEs

HIGH 7.5

Published

2026-01-21

Last Modified

2026-02-02

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata

Affected Applications in Environment 3

Ollama

4 devices

Ollama v0.13.3 (0.13.2)

1 device

Ollama v0.9.6 (0.9.5)

1 device

Affected Devices 6

DESKTOP-RUJGD6M Windows DPHSOB-31JGH13 Windows KHS-1S5WWP3 Windows a01099603-GXQ5MWJ9H7 Mac a02376833-F44QRWP393 Mac a02390799-Y9FM6C57TP Mac

References 2

https://github.com/ollama/ollama/issues/9820
https://zero.shotlearni.ng/blog/cve-2025-66960guf-v1-string-length-cause-panic-in-readggufv1string/