
GGUF-PY-F001 Evidence Pack — Nested ARRAY Recursion DoS

Finding

Python GGUFReader processes nested GGUF ARRAY metadata recursively. A crafted GGUF file with deeply nested ARRAY metadata triggers a Python RecursionError, causing Python-side model/tooling load failure.

Confirmed live-repo proof

The proof asserts that Python imports gguf from the live mounted repo:

  • gguf.__file__ = /target/gguf-py/gguf/__init__.py
  • GGUFReader source = /target/gguf-py/gguf/gguf_reader.py

The native binary used is from the live mounted repo:

  • /target/build/bin/llama-gguf
  • version: 9046 (a290ce626)

Confirmed crafted file

The PoC GGUF contains:

  • magic: GGUF
  • version: 3
  • n_tensors: 0
  • n_kv: 1
  • one metadata key
  • deeply nested ARRAY metadata

Confirmed Python behavior

Python live-repo GGUFReader raises RecursionError while loading the crafted file.

Expected security impact

This is not RCE. The impact is Python-side denial of service / malformed model processing failure in tooling, scanning, or ingestion paths that use gguf-py to inspect externally supplied GGUF files.
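For ingestion paths like these, a pre-parse guard can bound ARRAY nesting with an explicit stack before the file reaches GGUFReader. This is an added example, not code from gguf-py or from this evidence pack; the names `max_array_depth` and `sample_gguf`, the key `example.key`, and the limit of 4 are assumptions, and the sample bytes are constructed.

```python
import struct

ARRAY, STRING = 9, 8                      # GGUF metadata value type ids
SCALAR = {0: 1, 1: 1, 2: 2, 3: 2, 4: 4, 5: 4, 6: 4, 7: 1, 10: 8, 11: 8, 12: 8}

def max_array_depth(buf, limit=4):
    """Deepest ARRAY nesting in the metadata; ValueError if over limit or malformed."""
    def rd(fmt, off):
        if off + struct.calcsize(fmt) > len(buf):
            raise ValueError("truncated GGUF metadata")
        return struct.unpack_from(fmt, buf, off)
    if buf[:4] != b"GGUF":
        raise ValueError("bad magic")
    _version, _n_tensors, n_kv = rd("<IQQ", 4)
    off, deepest = 24, 0
    for _ in range(n_kv):
        off += 8 + rd("<Q", off)[0]                  # skip the key string
        stack = [[rd("<I", off)[0], 1]]              # frames: [element type, elements left]
        off += 4
        while stack:                                 # explicit stack, no Python recursion
            etype, left = stack[-1]
            if left == 0:
                stack.pop()
            elif etype == ARRAY:
                stack[-1][1] -= 1
                itype, count = rd("<IQ", off)        # array header: element type, count
                off += 12
                if len(stack) > limit:
                    raise ValueError(f"ARRAY nesting exceeds limit {limit}")
                deepest = max(deepest, len(stack))
                stack.append([itype, count])
            elif etype == STRING:
                stack[-1][1] -= 1
                off += 8 + rd("<Q", off)[0]
            elif etype in SCALAR:
                off += SCALAR[etype] * left          # skip the whole scalar run at once
                stack[-1][1] = 0
            else:
                raise ValueError(f"unknown value type {etype}")
            if off > len(buf):
                raise ValueError("truncated GGUF metadata")
    return deepest

def sample_gguf(depth):
    """Constructed sample: version 3, 0 tensors, 1 key, `depth` nested 1-element arrays."""
    key = b"example.key"
    value = struct.pack("<IQ", ARRAY, 1) * (depth - 1) + struct.pack("<IQI", 4, 1, 7)
    return (b"GGUF" + struct.pack("<IQQ", 3, 0, 1) + struct.pack("<Q", len(key)) + key
            + struct.pack("<I", ARRAY) + value)
```

Every loop iteration either consumes bytes or pops a frame, so the work is bounded by the file size even when a header claims a huge element count.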

Non-claims

This pack does not claim native C++ memory corruption, RCE, privilege escalation, or data exfiltration.