Update README.md

README.md

@@ -1,94 +1,104 @@
 ---
-library_name: gguf
+library_name: llama.cpp
 tags:
   - security
   - model-file-vulnerability
   - mfv
   - poc
 license: mit
-datasets: []
-language: []
 model_format: gguf
 security_scan: intentionally-malformed
 ---
 
+## Overview
 
-## GGUF Array Overflow PoC – Malformed Model File for MFV Disclosure
+This repository contains an intentionally malformed GGUF file created to demonstrate unsafe behavior in GGUF metadata parsing within `llama.cpp`.
 
-This repository hosts a malformed GGUF file crafted to demonstrate a heap allocation overflow condition during GGUF metadata parsing.
-This file is not a machine learning model and must never be used for inference or production.
+This file is **not** a machine learning model. It is malformed by design and must not be used for inference or production.
 
-It exists solely for responsible security research, reproducibility, and validation by maintainers and Huntr’s MFV triage team.
+The artifact exists solely for responsible security research, reproducibility, and validation by maintainers and Huntr’s Model File Vulnerability (MFV) triage team.
+
+---
 
 ## Reproducer File
 
-- poc_array_overflow.gguf — minimized crash-triggering GGUF payload (~64 bytes).
+- **poc_array_overflow.gguf**
+
+A minimized GGUF payload (~64 bytes) that triggers load-time undefined behavior during GGUF metadata parsing.
+
+The file was minimized using AFL++ (`afl-tmin`) to produce a stable, deterministic reproducer.
+
+---
+
+## Technical Summary
+
+- **Format:** GGUF (binary)
+- **Model:** Not a model (intentionally malformed)
+- **Attack surface:** GGUF metadata parsing
+- **Trigger phase:** Model load (prior to tensor processing)
+
+Malformed, attacker-controlled metadata values are propagated into GGUF parsing logic, resulting in unsafe arithmetic and undefined behavior during model loading.
+
+---
+
+## Security Impact
+
+This PoC demonstrates:
 
-## Model Details
+- Unsafe handling of attacker-controlled GGUF metadata
+- Load-time undefined behavior in `gguf.cpp`
+- Behavior not detected by automated model scanners
 
-- Model type: Not a model — intentionally malformed GGUF payload.
-- Primary purpose: Security research (Model File Vulnerability testing).
-- Format: GGUF binary.
-- Size: ~64 bytes.
-- Behavior: Triggers std::bad_alloc inside gguf_reader::read() due to attacker-controlled array length expansion.
-The PoC was minimized via AFL++ afl-tmin, producing a stable deterministic reproducer.
+The demonstrated impact is load-time undefined behavior / denial of service. No claims of memory corruption beyond this are made.
+
+---
+
+## Scanner Behavior
+
+When scanned using ProtectAI **modelscan**, the file reports no issues, despite reliably triggering load-time undefined behavior when parsed by `llama.cpp`.
+
+Scanner evidence is provided in the associated Huntr submission comments.
+
+---
 
 ## Intended Use
 
-This artifact is intended for:
-- Maintainership debugging.
-- MFV vulnerability validation.
-- Reproducibility of the heap overflow crash path.
-- Security pipeline hardening against malformed GGUF metadata.
+This artifact is intended only for:
 
-## Out-of-Scope / Misuse Warning
+- Maintainer debugging
+- MFV vulnerability validation
+- Reproduction of unsafe GGUF parsing behavior
+- Security hardening against malformed GGUF metadata
 
-This file must not be:
-- Used for inference.
-- Integrated into llama.cpp deployments.
-- Loaded in any production or user-facing systems.
-- Used outside controlled security testing environments. 
-The file is intentionally malformed and triggers abnormal memory allocations and parser failures.
+---
 
-## Software
+## Misuse Warning
 
-This PoC was generated and validated using the following software stack:
-- Ubuntu 22.04 LTS.
-- AFL++ 4.00c / 4.35a.
-- GCC 12.
-- llama.cpp GGUF loader (specific commit used during harness build).
-- Custom hardened GGUF harness used as reproduction target.
+This file must not be:
 
-## Citation
+- Used for inference
+- Loaded in production systems
+- Distributed as a model
+- Used outside controlled security testing environments
 
-This repository does not correspond to a research model or paper.
-It is a malformed artifact for MFV security disclosure.
+---
 
-- BibTeX: Not applicable.
-- APA: Not applicable.
+## Disclosure Context
 
-## Glossary
+This repository is part of a Huntr Model File Vulnerability (MFV) disclosure.
 
-GGUF:
-A binary format for LLM weights used by llama.cpp and related tooling. Contains metadata, key-value structures, tensor blocks, etc.
+It does not correspond to a research model, dataset, or paper.
 
-Array Overflow:
-Occurs when attacker-controlled metadata forces the parser to allocate or access beyond intended bounds. Here, malformed “n” values inside GGUF metadata cause extreme string/array resizing, leading to std::bad_alloc.
+---
 
-## More Information
+## Author
 
-This repository forms part of a Huntr Model File Vulnerability (MFV) disclosure.
-The payload demonstrates:
-- Memory-safety violations.
-- Unbounded allocation paths.
-- Malformed metadata handling gaps. 
-The artifact is safe to store and inspect but unsafe to load.
+- **aTmHnTR**  
+  Security researcher (MFV submission)
 
-## Model Card Authors
+---
 
-- Author: aTmHnTR (security researcher submitting the MFV).
+## Contact
 
-## Model Card Contact
+All vulnerability coordination must occur through Huntr’s MFV reporting system. Public discussion should avoid vulnerability details.
 
-All coordinated disclosure must take place through Huntr’s MFV reporting system.
-General questions may be raised via HuggingFace Discussions, but vulnerability-specific communication must route through Huntr.