---
library_name: gguf
tags:
  - security
  - model-file-vulnerability
  - mfv
  - poc
  - deserialization
license: cc
model_format: gguf
security_scan: intentionally-malformed
---

# GGUF Deserialization PoC – Metadata String Length

⚠️ This is not a real machine learning model.

This repository contains a maliciously crafted GGUF file that demonstrates a deserialization vulnerability in GGUF model loading as implemented in llama.cpp.

## Summary

The GGUF file `poc_strlen_overflow.gguf` contains attacker-controlled metadata string length fields. When the file is loaded by a GGUF consumer, these length values are used directly during deserialization to allocate memory, without sufficient upper-bound validation.

This causes unsafe memory allocation behavior during model load and results in deterministic process termination or memory exhaustion before inference.
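As an added example (not part of this repository or of llama.cpp), the following Python pre-scan walks the GGUF header and metadata key/value section and rejects any string, array or entry count whose declared length exceeds the bytes remaining in the file, so a consumer can refuse such a file before allocating from the length field. The layout follows the GGUF spec (magic, uint32 version, uint64 tensor count, uint64 KV count, then KV pairs); the two sample files at the bottom are constructed inline, not the repository's file.

```python
import struct

GGUF_MAGIC = b"GGUF"
T_STRING, T_ARRAY = 8, 9
SCALAR_SIZES = {0: 1, 1: 1, 2: 2, 3: 2, 4: 4, 5: 4, 6: 4, 7: 1, 10: 8, 11: 8, 12: 8}  # type id -> bytes

def _check_len(n, pos, total, what):
    # a declared length larger than the bytes left after pos can never be satisfied
    if n > total - pos:
        raise ValueError(f"{what} length {n} exceeds the {total - pos} bytes left at offset {pos}")

def _skip_value(buf, pos, vtype):
    """Validate one metadata value of type vtype and return the offset just after it."""
    if vtype == T_STRING:
        (n,) = struct.unpack_from("<Q", buf, pos); pos += 8
        _check_len(n, pos, len(buf), "string")
        return pos + n
    if vtype == T_ARRAY:
        etype, count = struct.unpack_from("<IQ", buf, pos); pos += 12
        _check_len(count, pos, len(buf), "array count")  # every element is at least 1 byte
        for _ in range(count):
            pos = _skip_value(buf, pos, etype)
        return pos
    if vtype not in SCALAR_SIZES:
        raise ValueError(f"unknown value type {vtype} at offset {pos}")
    _check_len(SCALAR_SIZES[vtype], pos, len(buf), "scalar")
    return pos + SCALAR_SIZES[vtype]

def scan_gguf_metadata(buf):
    """Walk the header and metadata KV section. Returns (accepted, detail)."""
    try:
        if buf[:4] != GGUF_MAGIC:
            return False, "not a GGUF file"
        n_kv = struct.unpack_from("<IQQ", buf, 4)[2]; pos = 24   # version, n_tensors, n_kv
        _check_len(n_kv, pos, len(buf), "metadata kv count")
        for _ in range(n_kv):
            pos = _skip_value(buf, pos, T_STRING)                # key is always a string
            (vtype,) = struct.unpack_from("<I", buf, pos); pos += 4
            pos = _skip_value(buf, pos, vtype)
        return True, f"{n_kv} metadata entries"
    except (ValueError, struct.error) as e:                      # struct.error: field runs past EOF
        return False, str(e)

def _s(b):  # encode a GGUF string: uint64 length + bytes
    return struct.pack("<Q", len(b)) + b

# Constructed samples (not the repository's file): a well-formed one-entry file, and the same
# file with the value's length field set to 2**62 while only 3 bytes follow it.
HEADER = GGUF_MAGIC + struct.pack("<IQQ", 3, 0, 1) + _s(b"general.name") + struct.pack("<I", T_STRING)
GOOD = HEADER + _s(b"toy")
BAD = HEADER + struct.pack("<Q", 1 << 62) + b"toy"
```

Run the scan on a file's bytes before handing it to a loader; a `False` result names the offending field and offset.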

## Affected Software

- llama.cpp
- GGUF model file format

## Reproduction

From the project root of a llama.cpp build:

```sh
./llama.cpp/build/bin/llama-gguf poc_strlen_overflow.gguf r
```