CVE-2026-47747: CWE-122: Heap-based Buffer Overflow in leejet stable-diffusion.cpp
A heap-based buffer overflow vulnerability exists in the pickle .ckpt parser of stable-diffusion.cpp prior to version master-584-0a7ae07. The flaw is due to sign confusion in the BINUNICODE opcode length field, allowing a crafted .ckpt file to trigger a large memcpy operation causing heap corruption. This vulnerability has been fixed in version master-584-0a7ae07. Until updating, users should only load .ckpt files from trusted sources and prefer safer formats like .safetensors.
AI Analysis
Technical Summary
The stable-diffusion.cpp library, used for diffusion model inference, contained a heap buffer overflow in its pickle .ckpt parser within src/model.cpp. The vulnerability arises from sign confusion on the opcode length field in the BINUNICODE handler, which can cause memcpy to use an excessively large length derived from a negative signed value. This leads to immediate heap corruption when processing a maliciously crafted .ckpt file. The issue is resolved in version master-584-0a7ae07. No official remediation level or patch link is provided, but updating to this version addresses the vulnerability. Alternative mitigation includes restricting .ckpt file sources to trusted origins and using safer formats such as .safetensors.
Potential Impact
Successful exploitation allows an attacker to cause heap corruption via a crafted .ckpt file, potentially leading to arbitrary code execution, denial of service, or other high-impact outcomes. The CVSS 3.1 score is 7.8 (High), reflecting local attack vector with low complexity, no privileges required, user interaction needed, and high confidentiality, integrity, and availability impacts.
Mitigation Recommendations
A fix is available in stable-diffusion.cpp version master-584-0a7ae07. Users and developers should update to this version to remediate the vulnerability. If immediate updating is not possible, mitigate risk by only loading .ckpt checkpoint files from trusted sources and prefer using safer model formats such as .safetensors.
CVE-2026-47747: CWE-122: Heap-based Buffer Overflow in leejet stable-diffusion.cpp
Description
A heap-based buffer overflow vulnerability exists in the pickle .ckpt parser of stable-diffusion.cpp prior to version master-584-0a7ae07. The flaw is due to sign confusion in the BINUNICODE opcode length field, allowing a crafted .ckpt file to trigger a large memcpy operation causing heap corruption. This vulnerability has been fixed in version master-584-0a7ae07. Until updating, users should only load .ckpt files from trusted sources and prefer safer formats like .safetensors.
CVSS v3.1
Score 7.8high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The stable-diffusion.cpp library, used for diffusion model inference, contained a heap buffer overflow in its pickle .ckpt parser within src/model.cpp. The vulnerability arises from sign confusion on the opcode length field in the BINUNICODE handler, which can cause memcpy to use an excessively large length derived from a negative signed value. This leads to immediate heap corruption when processing a maliciously crafted .ckpt file. The issue is resolved in version master-584-0a7ae07. No official remediation level or patch link is provided, but updating to this version addresses the vulnerability. Alternative mitigation includes restricting .ckpt file sources to trusted origins and using safer formats such as .safetensors.
Potential Impact
Successful exploitation allows an attacker to cause heap corruption via a crafted .ckpt file, potentially leading to arbitrary code execution, denial of service, or other high-impact outcomes. The CVSS 3.1 score is 7.8 (High), reflecting local attack vector with low complexity, no privileges required, user interaction needed, and high confidentiality, integrity, and availability impacts.
Mitigation Recommendations
A fix is available in stable-diffusion.cpp version master-584-0a7ae07. Users and developers should update to this version to remediate the vulnerability. If immediate updating is not possible, mitigate risk by only loading .ckpt checkpoint files from trusted sources and prefer using safer model formats such as .safetensors.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-19T22:16:39.504Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a31a4690b89be68881528e0
Added to database: 6/16/2026, 7:30:49 PM
Last enriched: 6/16/2026, 7:45:18 PM
Last updated: 6/16/2026, 8:41:35 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.