Vulnerability Details CVE-2026-47747
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption.
The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 3.6%
CVSS Severity
CVSS v3 Score 7.8
References
- https://github.com/leejet/stable-diffusion.cpp/commit/0a7ae07f948eff4611968a65a22bd7c7031ad74f
- https://github.com/leejet/stable-diffusion.cpp/pull/1443
- https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-mghm-5mqc-pwmp
- https://github.com/leejet/stable-diffusion.cpp/security/advisories/GHSA-mghm-5mqc-pwmp
Products affected by CVE-2026-47747
-
cpe:2.3:a:leejet:stable-diffusion.cpp:-
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-298-1e5f207
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-299-567f9f1
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-300-171b222
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-301-fd693ac
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-302-1e0d282
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-305-f3140ea
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-306-2abe945
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-309-35843c7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-314-02af48a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-315-e70d020
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-316-5b261b9
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-317-aa68b87
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-318-beb99a2
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-319-9727c6b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-320-1c32fa0
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-321-5436f6b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-322-c64994d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-323-2e9242e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-324-a7d6d29
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-325-e370258
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-326-40a6a87
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-330-db6f479
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-331-90ef5f8
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-332-0723ee5
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-333-64a7698
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-334-d05e46c
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-335-48e0a28
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-336-917f7bf
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-338-faabc5a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-339-062490a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-340-9e28be6
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-341-8a45d0f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-343-dd75fc0
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-346-c42826b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-347-6103d86
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-348-8f6c5c2
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-349-fb748bb
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-350-c2d8ffc
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-351-0fa3e1a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-352-d2d3944
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-353-ee89afc
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-354-8ecdf05
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-355-694f0d9
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-356-4ffcbca
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-357-59ebdf0
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-358-347710f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-359-6448430
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-360-aa44e06
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-361-e8eb379
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-362-742a733
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-363-199e675
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-364-6d6dc1b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-365-d5b05f7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-366-f532972
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-367-b88cc32
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-368-28ffb6c
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-369-a14e2b3
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-370-aa2b8e0
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-371-5498cc0
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-372-b542894
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-373-e9bc3b6
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-375-45c4677
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-376-490c51d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-377-2034588
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-378-52b67c5
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-379-0249509
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-380-673dbdd
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-382-bc80225
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-383-20eb674
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-385-34a6fd4
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-386-0743a1b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-387-e4c50f1
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-390-edf2cb3
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-391-5865b5e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-392-bcc9c0d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-393-118683d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-394-3f3610b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-395-985aedd
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-396-689e44c
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-397-bfbb929
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-398-2f0bd31
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-401-0392273
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-402-96c3e64
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-403-583a02e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-405-e72aea7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-406-d939f6e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-407-1ac5a61
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-408-8823dc4
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-409-a3a88fc
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-410-11ab095
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-411-2aecdd5
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-412-6888fcb
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-413-15d0f82
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-414-8f05f5b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-415-d96b415
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-416-614f873
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-417-43a70e8
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-418-200cb6f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-419-e687913
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-420-a23262d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-421-9fa7f41
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-422-ebe9d26
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-423-c3ad6a1
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-424-c2e18c8
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-425-bda7fab
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-426-97cf2ef
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-427-78e15bd
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-430-7c88c47
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-431-23fce0b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-432-60abda5
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-433-88ec9d3
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-434-50ff966
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-435-ca5b196
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-437-30a9113
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-438-298b110
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-440-3e81246
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-442-3e6c428
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-443-3d5fdd7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-444-a0adcfb
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-445-860a78e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-446-df4efe2
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-447-ccb6b0a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-448-37c9860
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-449-cc10771
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-450-a2d83dd
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-451-d0d836a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-452-51bd9c8
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-453-4ff2c8c
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-454-6eefd2d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-455-a119a4d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-456-2cef4ba
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-457-b90b1ee
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-462-c5602a6
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-463-e7e83ed
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-466-27b5f17
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-467-0e52afc
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-468-885e62e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-470-48d3161
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-471-7010bb4
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-472-fbce16e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-473-9565c7f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-474-61659ef
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-475-2efd199
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-477-639091f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-478-c6206fb
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-479-e50e1f2
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-480-b87fe13
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-482-3295711
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-483-5e4579c
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-484-fa61ea7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-485-4ccce02
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-486-7837232
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-487-43e829f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-489-3959109
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-490-e63daba
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-492-f957fa3
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-493-65891d7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-494-9f56833
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-495-f0f641a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-496-5e26437
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-497-aa0b899
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-498-c7ccafb
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-499-d60fb27
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-500-3296545
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-502-45ce78a
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-503-adea272
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-504-636d3cb
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-505-c5eb1e4
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-506-c9cd497
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-507-b314d80
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-509-4cdfff5
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-511-e64baa3
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-512-60889bc
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-513-39d5470
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-514-5792c66
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-515-810ef0c
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-516-d41f5ff
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-517-ba35dd7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-519-7c880f8
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-520-d950627
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-521-9b424db
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-522-3d33caa
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-523-c8fb3d2
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-525-d6dd6d7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-527-adfef62
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-528-f6968bc
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-529-630ee03
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-533-862a658
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-534-997bb11
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-535-84cbd88
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-536-5265a5e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-537-545fac4
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-539-ed88e21
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-540-f16a110
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-541-8f2967c
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-542-02dd5e5
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-543-8d87887
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-544-83e8f6f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-545-1d6cb0f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-546-4d52320
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-547-4fe7a35
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-548-bf02167
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-549-6dfe945
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-550-09b12d5
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-551-99c1de3
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-552-87ecb95
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-553-687a81f
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-554-9369ab7
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-555-7397dda
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-556-359eb8b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-557-5bf438d
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-558-8afbeb6
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-559-dd75372
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-560-e8323ca
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-561-be9f51b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-562-118489e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-563-7ade90e
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-564-fd35047
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-567-ee5bf95
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-568-9ac7b67
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-569-c41c5de
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-570-5c243db
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-572-1b4e9be
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-575-2bcff67
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-576-6a9cb31
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-577-f3f69e2
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-578-4d626d2
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-579-3c99f70
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-580-7d33d4b
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-581-e77e4c4
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-582-7023fc4
-
cpe:2.3:a:leejet:stable-diffusion.cpp:master-583-6614334