---
library_name: gguf
tags:
- security
- model-file-vulnerability
- mfv
- poc
- deserialization
license: cc
model_format: gguf
security_scan: intentionally-malformed
---

# GGUF Deserialization PoC – Metadata String Length

⚠️ This is **not a real machine learning model**.

This repository contains a **maliciously crafted GGUF file** that demonstrates a deserialization vulnerability in GGUF model loading as implemented in `llama.cpp`.

## Summary

The GGUF file `poc_strlen_overflow.gguf` contains attacker-controlled metadata string length fields. When a GGUF consumer loads the file, these length values are used directly during deserialization to size memory allocations, without sufficient upper-bound validation.

This causes unsafe memory allocation behavior during model load and results in deterministic process termination or memory exhaustion before inference.
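To show where the missing check belongs, here is an added example (not code from this repository or from `llama.cpp`): a minimal Python reader for the GGUF header and string-typed metadata that validates each declared length against the bytes actually remaining and a fixed cap before slicing, together with a constructed test blob. The 1 MiB cap and the `build_sample` helper are assumptions for illustration.

```python
import struct

GGUF_MAGIC = b"GGUF"
GGUF_TYPE_STRING = 8
HEADER_FMT = "<4sIQQ"  # magic, version, tensor_count, metadata_kv_count (24 bytes)
MAX_STRING_LEN = 1 << 20  # defensive cap (assumption); real metadata strings are far smaller

def read_gguf_string(buf, pos):
    """Read one GGUF string (u64 length prefix + UTF-8 bytes) at pos. The declared
    length is checked against the cap and the bytes remaining *before* slicing."""
    if pos + 8 > len(buf):
        raise ValueError("truncated string length field")
    (length,) = struct.unpack_from("<Q", buf, pos)
    pos += 8
    if length > MAX_STRING_LEN or length > len(buf) - pos:
        raise ValueError(f"declared string length {length} exceeds cap or remaining bytes")
    return buf[pos:pos + length].decode("utf-8"), pos + length

def read_string_metadata(buf):
    """Parse the header and return string-typed metadata KV pairs. Other value
    types are rejected, not skipped, so the offset never silently desynchronises."""
    if len(buf) < struct.calcsize(HEADER_FMT):
        raise ValueError("truncated header")
    magic, _version, _n_tensors, n_kv = struct.unpack_from(HEADER_FMT, buf, 0)
    if magic != GGUF_MAGIC:
        raise ValueError("bad magic")
    pos, meta = struct.calcsize(HEADER_FMT), {}
    for _ in range(n_kv):
        key, pos = read_gguf_string(buf, pos)
        if pos + 4 > len(buf):
            raise ValueError("truncated value type field")
        (vtype,) = struct.unpack_from("<I", buf, pos)
        pos += 4
        if vtype != GGUF_TYPE_STRING:
            raise ValueError(f"value type {vtype} not handled by this minimal reader")
        meta[key], pos = read_gguf_string(buf, pos)
    return meta

def build_sample(declared_len=None):
    """Constructed test input (not a model): minimal GGUF v3 blob with one string KV pair.
    declared_len, if set, replaces the value's u64 length prefix, mimicking an oversized field."""
    def gguf_string(s):
        b = s.encode("utf-8")
        return struct.pack("<Q", len(b)) + b
    value = gguf_string("demo")
    if declared_len is not None:
        value = struct.pack("<Q", declared_len) + b"demo"
    header = struct.pack(HEADER_FMT, GGUF_MAGIC, 3, 0, 1)
    return header + gguf_string("general.name") + struct.pack("<I", GGUF_TYPE_STRING) + value
```

A well-formed blob parses to `{"general.name": "demo"}`, while a blob whose length prefix exceeds either the cap or the remaining bytes is rejected before any allocation sized by the untrusted field.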

## Affected Software

- llama.cpp
- GGUF model file format

## Reproduction

From the project root of a `llama.cpp` build:

```bash
./llama.cpp/build/bin/llama-gguf poc_strlen_overflow.gguf r
```