
PoC: Dict Keys/Values OOB in PyTorch Mobile Flatbuffer Loader

Vulnerability: in flatbuffer_loader.cpp:594, parseDict() loops over keys->size() entries and reads values->Get(i) without checking that i < values->size() or that values is non-null. A crafted .ptl file can trigger a SIGSEGV (null values pointer), an OOB read (size mismatch), or type confusion (OOB values point to wrong-type IValues).
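The missing validation described above, as an added example that is not code from this repository or from PyTorch. IndexVec is a hypothetical stand-in for the loader's keys/values vectors, and the range check against an IValue table of ivalue_count entries is an assumption based on the PoC output, which reports an OOB value being used as an IValue index.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a serialized vector of IValue indices.
// This stand-in's Get() does no bounds checking of its own.
struct IndexVec {
  std::vector<uint32_t> data;
  size_t size() const { return data.size(); }
  uint32_t Get(size_t i) const { return data[i]; }
};

enum class DictCheck { Ok, NullVector, SizeMismatch, IndexOutOfRange };

// Validate the untrusted keys/values pair before any values->Get(i) call.
// ivalue_count: number of entries in the module's IValue table (assumed layout).
DictCheck check_dict(const IndexVec* keys, const IndexVec* values,
                     size_t ivalue_count) {
  // An absent vector arrives as a null pointer; reject it before dereferencing.
  if (keys == nullptr || values == nullptr) return DictCheck::NullVector;
  // Looping to keys->size() is only safe when both vectors have the same length.
  if (keys->size() != values->size()) return DictCheck::SizeMismatch;
  // Every stored index must refer to an existing IValue.
  for (size_t i = 0; i < keys->size(); ++i) {
    if (keys->Get(i) >= ivalue_count || values->Get(i) >= ivalue_count)
      return DictCheck::IndexOutOfRange;
  }
  return DictCheck::Ok;
}

int main() {
  // Constructed sample inputs, one per failure mode listed in the description.
  IndexVec keys{{0, 1}};
  IndexVec good{{2, 3}};
  IndexVec too_short{{2}};
  IndexVec bad_index{{2, 0xDEADBEEF}};
  const size_t ivalue_count = 4;
  std::printf("valid:         %d\n", static_cast<int>(check_dict(&keys, &good, ivalue_count)));
  std::printf("null values:   %d\n", static_cast<int>(check_dict(&keys, nullptr, ivalue_count)));
  std::printf("size mismatch: %d\n", static_cast<int>(check_dict(&keys, &too_short, ivalue_count)));
  std::printf("bad index:     %d\n", static_cast<int>(check_dict(&keys, &bad_index, ivalue_count)));
  return 0;
}
```

This sketch does not model IValue types, so it does not cover the type-confusion case; that would additionally need each referenced IValue's type checked against the declared Dict type.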

Files

  • poc_flatbuf_dict_oob.py: Full PoC with 3 attack variants + code analysis

Quick Start

pip install torch
python poc_flatbuf_dict_oob.py

Expected Output

  • Part 1: Valid model loads correctly (baseline)
  • Part 2: SIGSEGV crash from null values pointer dereference
  • Part 3: OOB read detected (0xDEADBEEF used as IValue index)
  • Part 4: Silent type confusion: Dict[str, int] contains String values
  • Part 5: Vulnerable code analysis and suggested fix