Hugging Face's logo

Rammadaeus
/
tflite-heap-oob-read-poc

LiteRT
Model card Files
xet
Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

TFLite Heap OOB Read β€” PoC

Crafted .tflite model that triggers a heap out-of-bounds read in TFLite's InterpreterBuilder::operator() at interpreter_builder.cc:839.

Files

  • poc.tflite β€” 189-byte malformed TFLite model (crafted SubGraph vtable offset)
  • reproduce.sh β€” One-command reproduction script

Quick Reproduction 

chmod +x reproduce.sh
./reproduce.sh

What Happens

  1. BuildFromFile("poc.tflite") succeeds β€” the model passes ValidateModelBuffers()
  2. InterpreterBuilder::operator() accesses subgraph->operators() which follows a corrupted vtable offset
  3. The read resolves to 2,920 bytes before the allocated heap region β†’ SEGV / heap-buffer-overflow

Affected Code Path

Python's tf.lite.Interpreter(model_path=...) calls BuildFromFile which does NOT run the FlatBuffers Verifier, making this exploitable through the standard Python API.

Target

  • TensorFlow v2.18.0 (commit 6550e4bd)
  • CWE-125: Out-of-bounds Read
Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support