HIGH 7.5

PYSEC-2025-144

Details

A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / ollama

Introduced in: 0

No fixed version published yet for ollama (pip). Pin to a known-safe version or switch to an alternative.

References

https://huntr.com/bounties/fd8e1ed6-21d2-4c9e-8395-2098f11b7db9 [EVIDENCE]