coremltools MILBlob Span::Slice integer-overflow — Core ML PoC model

Security-research proof-of-concept for a huntr Model-File-Vulnerability report against coremltools (Apple). This repository exists only to host the malicious model file for reviewer reproduction. The model is harmless to store; it triggers an unhandled exception (uncontrolled allocation / DoS) when its weights are parsed by a weight-touching coremltools API.

  • Affected: coremltools==9.0 (PyPI latest 2026-06-20); GitHub main HEAD cac0e43df846b16558fc478d49420f95ea90203f.
  • Class: CWE-190 integer overflow defeating a bounds check (Span::Slice) → CWE-789 uncontrolled allocation (DoS).
  • File format: Core ML .mlpackage MIL weight-storage blob.

Files

  • coreml_evil_mlpackage.zip — the malicious .mlpackage (only the weight blob's sizeInBytes field is corrupted; model.mlmodel is byte-identical to a clean model).

Reproduce

pip install coremltools==9.0
unzip coreml_evil_mlpackage.zip
python - <<'PY'
import coremltools as ct
from coremltools.optimize.coreml import get_weights_metadata
mdl = ct.models.MLModel("coreml_evil.mlpackage", skip_model_load=True)
get_weights_metadata(mdl)   # -> ValueError: array is too big  (Span::Slice bounds check bypassed)
PY

A clean model returns weight metadata normally. A plain-oversize sizeInBytes (no integer overflow) is correctly rejected with ValueError: index out of bounds. Only the wrap-around input (offset + sizeInBytes ≡ 0 mod 2^64) bypasses the check at mlmodel/src/MILBlob/Util/Span.hpp:325.
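The three cases above (clean, plain oversize, wrap-around), shown against an unsigned bounds check and its overflow-safe form. This is an added example, not code from coremltools or from this report: the function names, the `offset + size <= total` shape of the naive check, and the sample offset, size and buffer length are assumptions chosen to illustrate the CWE-190 class.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical helpers for illustration; not the coremltools implementation.

// Naive check: offset + size is computed in uint64_t, so it wraps modulo 2^64
// and a huge size can produce a small sum that passes the comparison.
bool naive_in_bounds(uint64_t offset, uint64_t size, uint64_t total) {
    return offset + size <= total;
}

// Overflow-safe check: never forms offset + size. The subtraction cannot
// underflow because offset <= total is tested first.
bool safe_in_bounds(uint64_t offset, uint64_t size, uint64_t total) {
    return offset <= total && size <= total - offset;
}

struct Case {
    const char* name;
    uint64_t offset, size, total;
};

// Constructed sample values: a 4096-byte blob with data starting at offset 64.
static const Case kCases[] = {
    {"clean",          64, 256,             4096},
    {"plain oversize", 64, 1ull << 40,      4096},
    {"wrap-around",    64, UINT64_MAX - 63, 4096},  // 64 + (2^64 - 64) == 0 mod 2^64
};

int main() {
    for (const Case& c : kCases) {
        std::printf("%-15s size=%llu naive=%s safe=%s\n", c.name,
                    static_cast<unsigned long long>(c.size),
                    naive_in_bounds(c.offset, c.size, c.total) ? "accept" : "reject",
                    safe_in_bounds(c.offset, c.size, c.total) ? "accept" : "reject");
    }
    return 0;
}
```

The two checks agree on the clean and plain-oversize inputs and differ only on the wrap-around input, which is why a test suite that covers only "too large" sizes does not catch this class of bug.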
