CVE-2026-47750: CWE-787: Out-of-bounds Write in leejet stable-diffusion.cpp
A heap buffer overflow vulnerability exists in the pickle .ckpt parser of stable-diffusion.cpp prior to version master-584-0a7ae07. The issue arises from missing validation when parsing newline-delimited fields, allowing a crafted .ckpt file without expected newlines to cause heap corruption. Exploitation requires loading a malicious .ckpt file from an untrusted source. The vulnerability has been fixed in version master-584-0a7ae07. Until updated, users should avoid loading .ckpt files from untrusted sources and prefer safer formats like .safetensors.
AI Analysis
Technical Summary
The stable-diffusion.cpp library, used for diffusion model inference, contained a heap buffer overflow in its pickle .ckpt file parser within src/model.cpp. Specifically, the GLOBAL opcode handler failed to validate newline-delimited fields properly, allowing a crafted .ckpt file lacking expected newlines to cause the parser to use an invalid copy length (-1), resulting in heap corruption. This vulnerability affects versions prior to master-584-0a7ae07. Exploitation requires user interaction to load a malicious .ckpt file from an untrusted source. The issue is resolved in version master-584-0a7ae07.
Potential Impact
Successful exploitation can lead to heap corruption, potentially allowing an attacker to execute arbitrary code, cause denial of service, or compromise confidentiality and integrity of the affected system. The vulnerability requires loading a malicious .ckpt file, so the attack vector is limited to scenarios where untrusted model files are loaded.
Mitigation Recommendations
A fix is available in stable-diffusion.cpp version master-584-0a7ae07. Users and developers should update to this version to remediate the vulnerability. If immediate updating is not possible, avoid loading .ckpt checkpoint files from untrusted sources and prefer trusted model sources and safer formats such as .safetensors.
CVE-2026-47750: CWE-787: Out-of-bounds Write in leejet stable-diffusion.cpp
Description
A heap buffer overflow vulnerability exists in the pickle .ckpt parser of stable-diffusion.cpp prior to version master-584-0a7ae07. The issue arises from missing validation when parsing newline-delimited fields, allowing a crafted .ckpt file without expected newlines to cause heap corruption. Exploitation requires loading a malicious .ckpt file from an untrusted source. The vulnerability has been fixed in version master-584-0a7ae07. Until updated, users should avoid loading .ckpt files from untrusted sources and prefer safer formats like .safetensors.
CVSS v3.1
Score 7.8high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The stable-diffusion.cpp library, used for diffusion model inference, contained a heap buffer overflow in its pickle .ckpt file parser within src/model.cpp. Specifically, the GLOBAL opcode handler failed to validate newline-delimited fields properly, allowing a crafted .ckpt file lacking expected newlines to cause the parser to use an invalid copy length (-1), resulting in heap corruption. This vulnerability affects versions prior to master-584-0a7ae07. Exploitation requires user interaction to load a malicious .ckpt file from an untrusted source. The issue is resolved in version master-584-0a7ae07.
Potential Impact
Successful exploitation can lead to heap corruption, potentially allowing an attacker to execute arbitrary code, cause denial of service, or compromise confidentiality and integrity of the affected system. The vulnerability requires loading a malicious .ckpt file, so the attack vector is limited to scenarios where untrusted model files are loaded.
Mitigation Recommendations
A fix is available in stable-diffusion.cpp version master-584-0a7ae07. Users and developers should update to this version to remediate the vulnerability. If immediate updating is not possible, avoid loading .ckpt checkpoint files from untrusted sources and prefer trusted model sources and safer formats such as .safetensors.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-19T22:16:39.504Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a31a4690b89be68881528e8
Added to database: 6/16/2026, 7:30:49 PM
Last enriched: 6/16/2026, 7:45:12 PM
Last updated: 6/16/2026, 8:41:35 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.