You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

This repository hosts a proof-of-concept GGUF file for an active security vulnerability disclosure (Huntr.com Model File Vulnerabilities track, ggml-org/llama.cpp). Access is gated and manually reviewed. This file is NOT a usable language model — it is intentionally malformed and will crash any application that loads it via llama.cpp's gguf_init_from_file() (unbounded recursion in the built-in Jinja template parser, CWE-674, leads to a stack-overflow / SIGSEGV denial-of-service). Request access only if you are a maintainer, security triager, or researcher verifying this disclosure.

Log in or Sign Up to review the conditions and access this model content.

llama.cpp Jinja-parser stack-overflow PoC (Huntr disclosure)

This is a security-research proof-of-concept, not a usable model.

poc_stackoverflow.gguf is a minimal (12,074-byte) GGUF file containing a single metadata key/value pair — no tensors — whose tokenizer.chat_template string contains ~6,000 nested parentheses. When any application that embeds llama.cpp loads this file (via gguf_init_from_file() followed by the normal model-load call into common_chat_templates_init()), llama.cpp's self-written Jinja-like template parser (common/jinja/parser.cpp) recurses once per nesting level with no depth limit, exhausts the native call stack, and the process crashes with SIGSEGV — an unrecoverable denial of service that bypasses the application's normal exception handling (this is a hardware trap, not a catchable C++ exception).

This supports a disclosure submitted to the Huntr Model File Vulnerabilities track against ggml-org/llama.cpp (affected commit a4107133a634250c8c9d888bc0bc8520dcfd6105).

Files

  • poc_stackoverflow.gguf — the crash-triggering PoC (N=6000 nested parens).
  • poc_control_benign.gguf — benign control file (N=5), confirms the crash is specific to nesting depth, not file structure.
  • build_gguf.py — the generator script used to produce both files.

Do NOT

  • Do not attempt to load this file as a real chat/inference model.
  • Do not deploy this file to a production or shared inference server — loading it will crash the process.

Vulnerability class

CWE-674: Uncontrolled Recursion. See the linked Huntr disclosure for full technical detail, reproduction steps, and suggested fix.

Access

This repository is gated. Access is intended for llama.cpp maintainers, Huntr/security triagers, and researchers independently verifying this disclosure. Requests are manually reviewed.

Downloads last month
-
GGUF
Model size
0 params
Architecture
Hardware compatibility
Log In to add your hardware

We're not able to determine the quantization variants.

Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support