
CoreML Span::Slice Integer Overflow PoC

CVE: Pending
Severity: High
Affected: coremltools 9.0 (macOS / Linux)

Vulnerability

An integer overflow in MILBlob::Util::Span::Slice (mlmodel/src/MILBlob/Util/Span.hpp:325) bypasses the bounds check when loading a CoreML mlProgram model with a crafted weight.bin. The result is an out-of-bounds memory access → SIGSEGV (process crash) on ct.models.MLModel().

// Bounds check in Span::Slice - NO overflow protection:
MILVerifyIsTrue(size > 0 && index < Size() && index + size <= Size(), ...)
//                                             ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑
// index=128, size=0xFFFFFFFFFFFFFF80 → 128 + 0xFFFFFFFFFFFFFF80 = 0 → PASSES
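
The wrap-around in the check above, next to an overflow-safe form of the same condition. This is an added example, not code from this README or from coremltools: the helper names are hypothetical and the span size of 4096 is a constructed value.

```cpp
#include <cstdint>
#include <cstdio>

// Added illustration: hypothetical helpers that model only the arithmetic of
// the quoted check. They are not taken from the coremltools source.

// Same shape as the quoted condition: index + size is evaluated in unsigned
// 64-bit arithmetic and wraps modulo 2^64 before the comparison.
bool slice_ok_wrapping(std::uint64_t index, std::uint64_t size, std::uint64_t span_size) {
    return size > 0 && index < span_size && index + size <= span_size;
}

// Overflow-safe form: index < span_size is tested first, so span_size - index
// cannot underflow, and the check needs no addition at all.
bool slice_ok_checked(std::uint64_t index, std::uint64_t size, std::uint64_t span_size) {
    return size > 0 && index < span_size && size <= span_size - index;
}

int main() {
    const std::uint64_t span_size = 4096;  // constructed span size (assumption)
    const struct { std::uint64_t index, size; const char* label; } cases[] = {
        {0,    4096,                  "whole span"},
        {128,  3968,                  "ends exactly at the span end"},
        {128,  3969,                  "one element past the end"},
        {4096, 1,                     "index at the span end"},
        {128,  0xFFFFFFFFFFFFFF80ULL, "values from the README (sum wraps to 0)"},
    };
    for (const auto& c : cases) {
        std::printf("%-42s wrapping=%d checked=%d\n", c.label,
                    slice_ok_wrapping(c.index, c.size, span_size),
                    slice_ok_checked(c.index, c.size, span_size));
    }
    return 0;
}
```

The two forms agree on every in-range and plainly out-of-range slice and differ only on the wrapping input, which the subtraction form rejects.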

Files

  • evil_crash.mlpackage/ - malicious CoreML model with crafted weight.bin
  • poc.py - standalone PoC that loads the model and captures the crash

Reproduce

pip install coremltools
python3.12 poc.py

Expected: Exit code: -11 (SIGSEGV - signal 11)

Reported By

Security research - huntr.dev disclosure