
Description

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.
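The defect the description names is a missing return-value check: the bitmap initialiser can legitimately return NULL for non-media bytes, and the caller dereferences the result anyway. The C block below is an added illustration written for this record; it is not Ollama's or llama.cpp's code. `stub_bitmap_init_from_buf` is a hypothetical stand-in for `mtmd_helper_bitmap_init_from_buf` that returns NULL for anything without a PNG or JPEG signature, and `process_image_pixels` shows the hardened caller: it rejects empty input, checks the returned pointer, and reports an error code instead of crashing the runner. All function, type and constant names are assumptions for this example; the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Opaque-ish bitmap handle. Stand-in for the real mtmd bitmap type. */
typedef struct {
    uint32_t nx, ny;
    unsigned char *data;
} bitmap_t;

/* Hypothetical stand-in for mtmd_helper_bitmap_init_from_buf: returns NULL
 * when the buffer does not start with a recognised image signature, which is
 * the failure mode the advisory describes for malformed base64 payloads. */
static bitmap_t *stub_bitmap_init_from_buf(const unsigned char *buf, size_t len) {
    static const unsigned char png_sig[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};
    static const unsigned char jpg_sig[3] = {0xff, 0xd8, 0xff};
    if (buf == NULL) return NULL;
    int is_png = len >= sizeof png_sig && memcmp(buf, png_sig, sizeof png_sig) == 0;
    int is_jpg = len >= sizeof jpg_sig && memcmp(buf, jpg_sig, sizeof jpg_sig) == 0;
    if (!is_png && !is_jpg) return NULL;          /* not valid media */
    bitmap_t *bm = calloc(1, sizeof *bm);
    if (bm == NULL) return NULL;
    bm->nx = 1;                                   /* toy 1x1 RGB image */
    bm->ny = 1;
    bm->data = calloc(3, 1);
    if (bm->data == NULL) { free(bm); return NULL; }
    return bm;
}

static void bitmap_free(bitmap_t *bm) {
    if (bm != NULL) { free(bm->data); free(bm); }
}

enum { IMG_OK = 0, IMG_ERR_EMPTY = -1, IMG_ERR_DECODE = -2 };

/* Unchecked pattern the advisory describes (shown only as a comment):
 *     bitmap_t *bm = stub_bitmap_init_from_buf(buf, len);
 *     *pixels_out = bm->nx * bm->ny;   // NULL dereference when init failed
 */

/* Hardened caller: validate input, check the pointer, return an error code.
 * On success writes the pixel count to *pixels_out. */
int process_image_pixels(const unsigned char *buf, size_t len, uint32_t *pixels_out) {
    if (buf == NULL || len == 0 || pixels_out == NULL) return IMG_ERR_EMPTY;
    bitmap_t *bm = stub_bitmap_init_from_buf(buf, len);
    if (bm == NULL) return IMG_ERR_DECODE;        /* the check that was missing */
    *pixels_out = bm->nx * bm->ny;
    bitmap_free(bm);
    return IMG_OK;
}

/* Constructed sample inputs wrapped in helpers so results can be checked
 * without relying on printed output. */
int demo_valid_png(uint32_t *pixels_out) {
    const unsigned char good[] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0};
    return process_image_pixels(good, sizeof good, pixels_out);
}

int demo_invalid_media(uint32_t *pixels_out) {
    const unsigned char bad[] = "not an image";    /* decodes to non-media bytes */
    return process_image_pixels(bad, sizeof bad - 1, pixels_out);
}

int main(void) {
    uint32_t px = 0;
    printf("valid png    -> %d (pixels=%u)\n", demo_valid_png(&px), px);
    printf("invalid data -> %d\n", demo_invalid_media(&px));
    printf("empty buffer -> %d\n", process_image_pixels(NULL, 0, &px));
    return 0;
}
```

The pre-decode signature sniff inside the stub is deliberately not the fix on its own: an attacker-controlled buffer can carry a valid header and still fail deeper parsing, so the caller must always treat a NULL return as an expected outcome and surface it as a request error rather than letting the runner process die.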

PUBLISHED Reserved 2026-01-12 | Published 2026-01-12 | Updated 2026-01-12 | Assigner VulnCheck




HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference

Product status

Default status
unknown

v0.11.5-rc0 (semver)
affected

Credits

bob14 (finder)

weblover (finder)

References

huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0 technical-description exploit

ollama.com/ product

https://github.com/ollama/ollama product

www.vulncheck.com/...age-processing-null-pointer-dereference third-party-advisory

cve.org (CVE-2025-15514)

nvd.nist.gov (CVE-2025-15514)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.