CVE-2026-47750
Awaiting Analysis Awaiting Analysis - Queue
Heap Buffer Overflow in Stable Diffusion.cpp

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: GitHub, Inc.

Description
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-17
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-47750
EUVD
EUVD-2026-37198
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
leejet stable_diffusion.cpp to master-584-0a7ae07 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

Exploiting this vulnerability can cause process crashes or potentially allow code execution depending on the heap layout. The impacts include high severity effects on confidentiality, integrity, and availability of the affected system.

  • Process crashes leading to denial of service.
  • Potential arbitrary code execution.
  • Compromise of data confidentiality and integrity.
Executive Summary

CVE-2026-47750 is a high-severity heap buffer overflow vulnerability in the PyTorch checkpoint (.ckpt) file parser of the stable-diffusion.cpp library. The issue occurs in the GLOBAL opcode handler within the pickle .ckpt parser, where missing validation for newline-delimited fields allows a crafted .ckpt file to cause heap corruption. Specifically, if the parser does not find the expected newline delimiter, it uses -1 as a copy length in a memory operation, which is interpreted as a very large size, leading to immediate heap corruption.

This vulnerability can be triggered when an application loads a malicious .ckpt file from an untrusted source, such as a model sharing site.

Detection Guidance

This vulnerability occurs when a malicious .ckpt file is loaded by the stable-diffusion.cpp library. Detection involves identifying if untrusted or crafted .ckpt files are being loaded or processed by your system.

Since the vulnerability is triggered by loading a crafted .ckpt file, you can detect potential exploitation by monitoring for crashes or abnormal behavior in applications using stable-diffusion.cpp when loading .ckpt files.

There are no specific commands provided in the resources to detect this vulnerability directly. However, you can:

  • Check for usage of stable-diffusion.cpp versions prior to master-584-0a7ae07.
  • Monitor application logs for crashes or heap corruption errors related to .ckpt file loading.
  • Audit the source of .ckpt files being loaded to ensure they come from trusted sources.
Mitigation Strategies

To mitigate this vulnerability immediately, you should:

  • Upgrade stable-diffusion.cpp to version master-584-0a7ae07 or later, where the vulnerability is fixed.
  • Avoid loading .ckpt checkpoint files from untrusted or unknown sources.
  • Prefer using safer model formats such as .safetensors instead of .ckpt files.
  • If upgrading immediately is not possible, implement strict validation and source verification for all .ckpt files before loading.
Compliance Impact

The vulnerability in stable-diffusion.cpp involves a heap buffer overflow that can lead to high impacts on confidentiality, integrity, and availability of the affected system. Since the flaw allows potential code execution or crashes when loading malicious .ckpt files, it could result in unauthorized access or data corruption.

Such impacts on confidentiality and integrity could affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. If exploited, this vulnerability might lead to data breaches or system compromises that violate these regulatory requirements.

Mitigation involves avoiding loading .ckpt files from untrusted sources, preferring safer formats, or upgrading to the patched version, which helps maintain compliance by reducing the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47750. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart