# GGUF-PY-F001 Evidence Pack — Nested ARRAY Recursion DoS

## Finding

Python `GGUFReader` processes nested GGUF ARRAY metadata recursively. A crafted GGUF file with deeply nested ARRAY metadata triggers a Python `RecursionError`, causing Python-side model/tooling load failure.

## Confirmed live-repo proof

The proof asserts that Python imports `gguf` from the live mounted repo:

- `gguf.__file__ = /target/gguf-py/gguf/__init__.py`
- `GGUFReader source = /target/gguf-py/gguf/gguf_reader.py`

The native binary used is from the live mounted repo:

- `/target/build/bin/llama-gguf`
- version: `9046 (a290ce626)`

## Confirmed crafted file

The PoC GGUF contains:

- magic: GGUF
- version: 3
- n_tensors: 0
- n_kv: 1
- one metadata key
- deeply nested ARRAY metadata

## Confirmed Python behavior

Python live-repo `GGUFReader` raises `RecursionError` while loading the crafted file.

## Expected security impact

This is not RCE. The impact is Python-side denial of service / malformed model processing failure in tooling, scanning, or ingestion paths that use `gguf-py` to inspect externally supplied GGUF files.

## Non-claims

This pack does not claim native C++ memory corruption, RCE, privilege escalation, or data exfiltration.
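
A pre-load check for ingestion paths that inspect externally supplied GGUF files, as an added example that is not part of the original evidence pack or of `gguf-py`: it walks the metadata with an explicit stack instead of recursion and rejects files whose ARRAY nesting exceeds a cap. The names `max_array_depth` and `nested_sample`, the cap of 4, and the shallow constructed sample are assumptions; the layout assumed is the little-endian GGUF v3 key/value encoding.

```python
import struct

ARRAY, STRING = 9, 8
# Byte widths of fixed-size GGUF value types (type id -> size).
SCALAR_SIZE = {0: 1, 1: 1, 2: 2, 3: 2, 4: 4, 5: 4, 6: 4, 7: 1, 10: 8, 11: 8, 12: 8}

def max_array_depth(buf, limit=4):
    """Walk GGUF metadata with an explicit stack; return the deepest ARRAY
    nesting seen, or raise ValueError once it exceeds `limit` (assumed cap)."""
    if buf[:4] != b"GGUF":
        raise ValueError("not a GGUF file")
    _version, _n_tensors, n_kv = struct.unpack_from("<IQQ", buf, 4)
    off, deepest = 24, 0
    for _ in range(n_kv):
        (klen,) = struct.unpack_from("<Q", buf, off)
        off += 8 + klen
        (vtype,) = struct.unpack_from("<I", buf, off)
        off += 4
        stack = [[vtype, 1]]  # frames of [element type, elements left]
        while stack:
            etype, left = stack[-1]
            if left == 0:
                stack.pop()
            elif etype == ARRAY:
                stack[-1][1] -= 1
                itype, count = struct.unpack_from("<IQ", buf, off)
                off += 12
                deepest = max(deepest, len(stack))
                if deepest > limit:
                    raise ValueError(f"ARRAY nesting exceeds {limit}")
                stack.append([itype, count])
            elif etype == STRING:
                stack[-1][1] -= 1
                (slen,) = struct.unpack_from("<Q", buf, off)
                off += 8 + slen
            elif etype in SCALAR_SIZE:
                off += SCALAR_SIZE[etype] * left  # skip the whole run at once
                stack[-1][1] = 0
            else:
                raise ValueError(f"unknown GGUF value type {etype}")
    if off > len(buf):
        raise ValueError("metadata runs past end of file")
    return deepest

def nested_sample(depth):
    """Constructed input: one key holding `depth` nested ARRAYs around a UINT32."""
    value = struct.pack("<I", ARRAY) + struct.pack("<IQ", ARRAY, 1) * (depth - 1)
    value += struct.pack("<IQ", 4, 1) + struct.pack("<I", 7)
    return b"GGUF" + struct.pack("<IQQ", 3, 0, 1) + struct.pack("<Q", 1) + b"k" + value
```

Run this over the file bytes before handing the path to `GGUFReader`, and treat a `ValueError` as a rejected upload rather than a tooling crash.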