CVE-2025-15514
Published: 12 January 2026
Summary
CVE-2025-15514 is a high-severity Use of NullPointerException Catch to Detect NULL Pointer Dereference (CWE-395) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Null dereference in unauthenticated public /api/chat endpoint allows remote DoS via crafted input, directly mapping to public app exploitation and application-layer DoS via vulnerability trigger.
NVD Description
Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media…
more
before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.
Deeper analysisAI
CVE-2025-15514 is a null pointer dereference vulnerability affecting Ollama versions 0.11.5-rc0 through 0.13.5 in the multi-modal model image processing functionality. The issue arises when processing base64-encoded image data submitted via the /api/chat endpoint. The application does not validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function, which can return NULL for malformed input. Subsequent code fails to check this return value before dereferencing the pointer, leading to a segmentation fault.
A remote attacker with network access can exploit this vulnerability without authentication or user interaction by sending specially crafted base64-encoded image data that decodes to invalid media. This triggers a crash in the runner process, resulting in a denial-of-service condition where the model becomes unavailable to all users until the service is manually restarted. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-395 (Use of Null Pointer).
Advisories and reports detailing the vulnerability and potential mitigations are available from sources including the official Ollama GitHub repository at https://github.com/ollama/ollama, a Huntr bounty report at https://huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0, the Ollama website at https://ollama.com/, and a Vulncheck advisory at https://www.vulncheck.com/advisories/ollama-multi-modal-image-processing-null-pointer-dereference. Security practitioners should consult these for patch information and remediation guidance.
Details
- CWE(s)