Hugging Face's logo

aTmHnTR
/
gguf-array-overflow-poc

GGUF
security
model-file-vulnerability
mfv
poc
Model card Files
xet
Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

GGUF Array Overflow PoC โ€“ Malformed Model File for MFV Disclosure

This repository hosts a malformed GGUF file crafted to demonstrate a heap allocation overflow condition during GGUF metadata parsing. This file is not a machine learning model and must never be used for inference or production.

It exists solely for responsible security research, reproducibility, and validation by maintainers and Huntrโ€™s MFV triage team.

Reproducer File

  • poc_array_overflow.gguf โ€” minimized crash-triggering GGUF payload (~64 bytes).

Model Details

  • Model type: Not a model โ€” intentionally malformed GGUF payload.
  • Primary purpose: Security research (Model File Vulnerability testing).
  • Format: GGUF binary.
  • Size: ~64 bytes.
  • Behavior: Triggers std::bad_alloc inside gguf_reader::read() due to attacker-controlled array length expansion. The PoC was minimized via AFL++ afl-tmin, producing a stable deterministic reproducer.

Intended Use

This artifact is intended for:

  • Maintainership debugging.
  • MFV vulnerability validation.
  • Reproducibility of the heap overflow crash path.
  • Security pipeline hardening against malformed GGUF metadata.

Out-of-Scope / Misuse Warning

This file must not be:

  • Used for inference.
  • Integrated into llama.cpp deployments.
  • Loaded in any production or user-facing systems.
  • Used outside controlled security testing environments. The file is intentionally malformed and triggers abnormal memory allocations and parser failures.

Software

This PoC was generated and validated using the following software stack:

  • Ubuntu 22.04 LTS.
  • AFL++ 4.00c / 4.35a.
  • GCC 12.
  • llama.cpp GGUF loader (specific commit used during harness build).
  • Custom hardened GGUF harness used as reproduction target.

Citation

This repository does not correspond to a research model or paper. It is a malformed artifact for MFV security disclosure.

  • BibTeX: Not applicable.
  • APA: Not applicable.

Glossary

GGUF: A binary format for LLM weights used by llama.cpp and related tooling. Contains metadata, key-value structures, tensor blocks, etc.

Array Overflow: Occurs when attacker-controlled metadata forces the parser to allocate or access beyond intended bounds. Here, malformed โ€œnโ€ values inside GGUF metadata cause extreme string/array resizing, leading to std::bad_alloc.

More Information

This repository forms part of a Huntr Model File Vulnerability (MFV) disclosure. The payload demonstrates:

  • Memory-safety violations.
  • Unbounded allocation paths.
  • Malformed metadata handling gaps. The artifact is safe to store and inspect but unsafe to load.

Model Card Authors

  • Author: aTmHnTR (security researcher submitting the MFV).

Model Card Contact

All coordinated disclosure must take place through Huntrโ€™s MFV reporting system. General questions may be raised via HuggingFace Discussions, but vulnerability-specific communication must route through Huntr.

Downloads last month
-
GGUF
Hardware compatibility
Log In to view the estimation

We're not able to determine the quantization variants.

View all variants
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support