YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

GGUF Stride Overflow PoC

Security Research β€” Vulnerability Proof of Concept

Vulnerability: Integer Overflow in GGUF Tensor Stride Calculations (CWE-190 β†’ CWE-122)

The GGUF parser in ggml validates that tensor element counts fit in int64_t but does NOT validate that byte-level stride calculations (nb[]) fit in size_t.

A malicious GGUF file can craft tensor dimensions where:

  • ne[0] passes the INT64_MAX element count check
  • nb[1] = type_size * ne[0] overflows size_t to a small value
  • ggml_nbytes() returns the overflowed (small) value
  • A tiny buffer is allocated for a tensor claiming billions of elements
  • Consumer code accessing tensor data triggers heap buffer overflow

Files

  • malicious.gguf β€” Malicious GGUF file (576 bytes)
  • poc.py β€” Generator script

Impact

Heap buffer overflow (read/write) when loading a crafted .gguf model file with no_alloc=false. Affects all GGML-based inference engines (llama.cpp, whisper.cpp, etc.).

Downloads last month
5
GGUF
Model size
4611686T params
Architecture
Hardware compatibility
Log In to add your hardware

We're not able to determine the quantization variants.

Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support