Heap Buffer Overflow in Stable Diffusion C++ Library by Leejet
CVE-2026-47749

7.8 HIGH

Key Information:

Vendor: Leejet
CVE Published: 16 June 2026

What is CVE-2026-47749?

The stable-diffusion.cpp library, used for running various diffusion models, contains a heap buffer overflow in its parsing of the SHORT_BINUNICODE opcode in PyTorch checkpoint files. The issue arises from a sign confusion when determining the length for the opcode: a crafted .ckpt file can cause memcpy operations with excessively large lengths derived from negative values, leading to heap corruption. Applications that load untrusted .ckpt model files can crash and, depending on the heap layout, may be exploitable for code execution. To mitigate the risk, users should avoid loading checkpoint files from untrusted sources and consider using safer formats whenever possible. The vulnerability has been addressed in version master-584-0a7ae07.
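The sign confusion described above, shown next to a bounds-checked reader. This is an added example, not code from stable-diffusion.cpp. It assumes the bug has the shape of a length byte read through a signed 8-bit type, and the function names `len_via_signed_char` and `read_short_binunicode` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OP_SHORT_BINUNICODE 0x8c /* pickle protocol 4: 1-byte length, then UTF-8 */

/* Assumed bug shape: the length byte is read through a signed 8-bit type.
 * A byte >= 0x80 becomes negative, and the conversion to size_t that memcpy
 * performs on its count turns it into a value close to SIZE_MAX. */
size_t len_via_signed_char(uint8_t raw) {
    int8_t len = (int8_t)raw; /* 0xF0 -> -16 */
    return (size_t)len;       /* -16  -> SIZE_MAX - 15 */
}

/* Hardened reader (hypothetical helper). `in` points at the opcode byte.
 * Copies the operand into `out` as a NUL-terminated string and returns the
 * number of input bytes consumed, or -1 if the record is malformed. */
int read_short_binunicode(const uint8_t *in, size_t in_len,
                          char *out, size_t out_cap) {
    if (in_len < 2 || in[0] != OP_SHORT_BINUNICODE) return -1;
    size_t len = in[1];                                /* unsigned: 0..255 */
    if (len > in_len - 2) return -1;                   /* operand truncated */
    if (out_cap == 0 || len > out_cap - 1) return -1;  /* no room for text + NUL */
    memcpy(out, in + 2, len);
    out[len] = '\0';
    return (int)(len + 2);
}

int main(void) {
    /* Constructed samples, not taken from any real checkpoint file. */
    const uint8_t good[] = {0x8c, 0x03, 'a', 'b', 'c'};
    const uint8_t bad[]  = {0x8c, 0xF0, 'a'}; /* claims 240 bytes, carries 1 */
    char out[64];
    printf("0xF0 via signed char -> %zu\n", len_via_signed_char(0xF0));
    printf("good: %d\n", read_short_binunicode(good, sizeof good, out, sizeof out));
    printf("bad:  %d\n", read_short_binunicode(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

The reader rejects a record whose declared length exceeds either the remaining input or the destination buffer, so the copy length is always bounded before `memcpy` runs.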

Affected Version(s)

stable-diffusion.cpp < master-584-0a7ae07

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
