CVE-2026-47747
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
The stable-diffusion.cpp library has a heap buffer overflow vulnerability in the BINUNICODE opcode handler in the .ckpt parser, which can lead to memory corruption. This issue affects versions prior to master-584-0a7ae07.
Risk Assessment
Exploitation of this vulnerability could lead to serious security issues, including remote code execution or application instability. Organizations should be aware of the risks associated with loading unverified .ckpt files.
Recommendation
It is recommended to upgrade to version master-584-0a7ae07 or, if an upgrade is not possible, to load .ckpt files only from trusted sources and to prefer safer formats such as .safetensors.
Original NVD description (English source)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible.

