Back to CVE List

CVE-2026-10298

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Vulnerability Description

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-404
Source
NVD
Vendor
ggml-org
Product
whisper.cpp

External References

Discussion (0)

Add Comment

No comments yet. Be the first!