Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ollama Multi-Modal Model Image Processing NULL Pointer Dereference
Vulnerability Description
Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.
CVSS Information
N/A
Vulnerability Type
使用NullPointerException捕捉来检测空指针解引用
Vulnerability Title
Ollama 安全漏洞
Vulnerability Description
Ollama是Ollama开源的一个可以在本地启动并运行的大型语言模型。 Ollama 0.11.5-rc0版本至0.13.5版本存在安全漏洞,该漏洞源于多模态模型图像处理功能存在空指针取消引用,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A