Affected versions of this package are vulnerable to Out-of-bounds Read by missing validation of a metadata string’s size and a metadata array’s length in a GGUF file uploaded to the server. This can cause the server to crash (Denial-of-Serivce DoS) or read sensitive data from the process memory.