{"id":"PYSEC-2026-102","details":"An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata","aliases":["CVE-2025-66960"],"modified":"2026-06-10T12:00:07.181444137Z","published":"2026-01-21T18:16:23.950Z","withdrawn":"2026-06-10T11:00:00Z","references":[{"type":"REPORT","url":"https://github.com/ollama/ollama/issues/9820"},{"type":"EVIDENCE","url":"https://zero.shotlearni.ng/blog/cve-2025-66960guf-v1-string-length-cause-panic-in-readggufv1string/"}],"affected":[{"package":{"name":"ollama","ecosystem":"PyPI","purl":"pkg:pypi/ollama"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.12.10-NA"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ollama/PYSEC-2026-102.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}