YAML Metadata Warning: empty or missing yaml metadata in repo card (https://huggingface.co/docs/hub/model-cards#model-card-metadata)
SEGV in faiss (id:000281,sig:11,src:000857,time:39901240,execs:567662,op:havoc,rep:3)
Severity: medium CWE: CWE-119 Target: faiss Generated: 2026-02-19
Summary
SEGV in faiss (id:000281,sig:11,src:000857,time:39901240,execs:567662,op:havoc,rep:3). See ASAN output below for details.
Reproduction
chmod +x reproduce.sh
./reproduce.sh
Or manually:
cmake -B build-asan -DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer" -DCMAKE_CXX_FLAGS="-fsanitize=address -fno-omit-frame-pointer" -DFAISS_ENABLE_GPU=OFF && cmake --build build-asan -j$(nproc)
ASAN_OPTIONS=detect_leaks=0 ./build-asan/fuzz_read_index ../poc.faiss
PoC File
poc.faiss(507 bytes)
ASAN Output
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2425791==ERROR: AddressSanitizer: SEGV on unknown address 0x505e800000a0 (pc 0x5ffc37d5419a bp 0x7ffd1b625ab0 sp 0x7ffd1b625a10 T0)
==2425791==The signal is caused by a READ memory access.
#0 0x5ffc37d5419a in faiss::scalar_quantizer::QuantizerTemplate<faiss::scalar_quantizer::Codec6bit, (faiss::scalar_quantizer::QuantizerTemplateScaling)1, 1>::reconstruct_component(unsigned char const*, unsigned long) const /home/lab/huntr/targets/faiss/faiss/impl/scalar_quantizer/quantizers.h:169:24
#1 0x5ffc37d5419a in faiss::scalar_quantizer::DCTemplate<faiss::scalar_quantizer::QuantizerTemplate<faiss::scalar_quantizer::Codec6bit, (faiss::scalar_quantizer::QuantizerTemplateScaling)1, 1>, faiss::scalar_quantizer::SimilarityIP<1>, 1>::compute_distance(float const*, unsigned char const*) const /home/lab/huntr/targets/faiss/faiss/impl/scalar_quantizer/distance_computers.h:40:30
#2 0x5ffc37d5419a in faiss::scalar_quantizer::DCTemplate<faiss::scalar_quantizer::QuantizerTemplate<faiss::scalar_quantizer::Codec6bit, (faiss::scalar_quantizer::QuantizerTemplateScaling)1, 1>, faiss::scalar_quantizer::SimilarityIP<1>, 1>::query_to_code(unsigned char const*) const /home/lab/huntr/targets/faiss/faiss/impl/scalar_quantizer/distance_computers.h:68:16
#3 0x5ffc37d5419a in faiss::(anonymous namespace)::IVFSQScannerIP<faiss::scalar_quantizer::DCTemplate<faiss::scalar_quantizer::QuantizerTemplate<faiss::scalar_quantizer::Codec6bit, (faiss::scalar_quantizer::QuantizerTemplateScaling)1, 1>, faiss::scalar_quantizer::SimilarityIP<1>, 1>>::distance_to_code(unsigned char const*) const /home/lab/huntr/targets/faiss/faiss/impl/ScalarQuantizer.cpp:433:27
#4 0x5ffc37d5419a in unsigned long faiss::(anonymous namespace)::run_scan_codes1<faiss::(anonymous namespace)::IVFSQScannerIP<faiss::scalar_quantizer::DCTemplate<faiss::scalar_quantizer::QuantizerTemplate<faiss::scalar_quantizer::Codec6bit, (faiss::scalar_quantizer::QuantizerTemplateScaling)1, 1>, faiss::scalar_quantizer::SimilarityIP<1>, 1>>, faiss::CMin<float, long>, false, false>(faiss::(anonymous namespace)::IVFSQScannerIP<faiss::scalar_quantizer::DCTemplate<faiss::scalar_quantizer::QuantizerTemplate<faiss::scalar_quantizer::Codec6bit, (faiss::scalar_quantizer::QuantizerTemplateScaling)1, 1>, faiss::scalar_quantizer::SimilarityIP<1>, 1>> const&, unsigned long, unsigned char const*, long const*, faiss::ResultHandlerUnordered<float, long>&) /home/lab/huntr/targets/faiss/faiss/impl/expanded_scanners.h:48:29
#5 0x5ffc37d5419a in unsigned long faiss::(anonymous namespace)::run_scan_codes_fix_C<faiss::CMin<float, long>, faiss::(anonymous namespace)::IVFSQScannerIP<faiss::scalar_quantizer::DCTemplate<faiss::scalar_quantizer::QuantizerTemplate<faiss::scalar_quantizer::Codec6bit, (faiss::scalar_quantizer::QuantizerTemplateScaling)1, 1>, faiss::scalar_quantizer::SimilarityIP<1>, 1>>>(faiss::(anonymous namespace)::IVFSQScanne
Impact
Memory corruption vulnerability reachable by processing a malformed faiss file. An attacker could craft a malicious file and distribute it to cause denial of service or potentially leak sensitive heap data.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support