The llama.cpp project released version b9917, addressing critical security vulnerabilities in its UGM tokenizer. Specifically, the update fixes out-of-bounds reads that could be triggered by malicious T5/UGM GGUF files. These fixes involve validating the minimum size of data blobs and replacing unsafe string functions with bounds-checked alternatives to prevent heap-buffer overflows. AI
IMPACT Enhances the security of local LLM inference tools by patching vulnerabilities in tokenizer handling.
RANK_REASON This is a software maintenance release for an open-source project, addressing security vulnerabilities.
Read on llama.cpp — Releases →
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →