TensorRT GenerateDetection image_size PoC
This public repository contains a benign security research PoC accompanying a TensorRT model file vulnerability report. It pairs a control TensorRT engine with a crafted one whose serialized GenerateDetection_TRT image_size has a zero height, so that inference completes without error but returns altered detections.
Files:
- control_generatedetection.engine: control TensorRT engine with GenerateDetection_TRT serialized image_size=(3,224,224).
- malicious_image_size_zero.engine: crafted TensorRT engine with GenerateDetection_TRT serialized image_size=(3,0,224).
- reproduce.py: runs both engines through TensorRT inference and prints the output delta.
Tested environment:
- TensorRT 11.1.0.106
- modelscan 0.8.8
- Entry point: trt.Runtime(logger).deserialize_cuda_engine(...), then ctx.execute_async_v3(0)
Reproduction:
python reproduce.py \
--control control_generatedetection.engine \
--malicious malicious_image_size_zero.engine
Expected result:
- Control first detection: [0.10000002, 0.10000002, 0.39999998, 0.39999998, 1.0, 0.95000005]
- Malicious first detection: [0.0, 0.10000002, 0.0, 0.39999998, 1.0, 0.95000005]
The crafted engine keeps the class and confidence fields (indices 4 and 5) unchanged but silently zeroes the y coordinates (indices 0 and 2 of the first detection) during inference. No error is raised and the output still looks like a valid detection, so the corruption is only visible by comparing against the control engine's output.
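A differential harness in the spirit of reproduce.py, added here as an example and not the repository's own script. It assumes the TensorRT 10 tensor-address API (deserialize_cuda_engine, set_tensor_address, execute_async_v3), pycuda for device buffers, static input shapes of (1, 3, 224, 224), and the row layout (y1, x1, y2, x2, class, confidence) implied by the README's note that the y coordinates collapse; the two sample rows at the bottom are the expected-result values quoted above, embedded so the comparison runs without a GPU.

```python
"""Differential run of a control and a crafted TensorRT engine, plus a check
that flags box coordinates collapsing while class/confidence survive.
Added example, not the repository's reproduce.py.  Assumes the TensorRT 10
tensor-address API, pycuda for device buffers and static input shapes."""
import sys
import numpy as np

# Assumed layout of one GenerateDetection output row, taken from the PoC's
# note that the y coordinates (indices 0 and 2) are the ones that collapse.
FIELDS = ("y1", "x1", "y2", "x2", "class", "confidence")
LABEL_FIELDS = ("class", "confidence")


def run_engine(engine_path, input_array):
    """Deserialize one .engine, run a single execute_async_v3 call and return
    every output tensor as {name: ndarray}.  tensorrt/pycuda are imported here
    so the comparison helpers below work without a GPU."""
    import tensorrt as trt
    import pycuda.autoinit  # noqa: F401  (creates the CUDA context)
    import pycuda.driver as cuda

    logger = trt.Logger(trt.Logger.WARNING)
    trt.init_libnvinfer_plugins(logger, "")  # registers GenerateDetection_TRT
    runtime = trt.Runtime(logger)
    with open(engine_path, "rb") as f:
        engine = runtime.deserialize_cuda_engine(f.read())
    if engine is None:
        raise RuntimeError(f"deserialize_cuda_engine failed for {engine_path}")
    ctx = engine.create_execution_context()
    stream = cuda.Stream()
    host, dev, outputs = {}, {}, []
    for i in range(engine.num_io_tensors):
        name = engine.get_tensor_name(i)
        shape = tuple(ctx.get_tensor_shape(name))  # assumption: static shapes
        dtype = trt.nptype(engine.get_tensor_dtype(name))
        if engine.get_tensor_mode(name) == trt.TensorIOMode.INPUT:
            host[name] = np.ascontiguousarray(input_array, dtype=dtype).reshape(shape)
        else:
            host[name] = np.empty(shape, dtype=dtype)
            outputs.append(name)
        dev[name] = cuda.mem_alloc(host[name].nbytes)
        ctx.set_tensor_address(name, int(dev[name]))
        if name not in outputs:
            cuda.memcpy_htod_async(dev[name], host[name], stream)
    ctx.execute_async_v3(stream.handle)
    for name in outputs:
        cuda.memcpy_dtoh_async(host[name], dev[name], stream)
    stream.synchronize()
    return {name: host[name] for name in outputs}


def first_detection(output):
    """Row 0 of a GenerateDetection output viewed as (N, 6)."""
    return np.asarray(output, dtype=np.float32).reshape(-1, len(FIELDS))[0]


def collapse_report(control, malicious, atol=1e-6):
    """Compare one detection from each engine.  'changed' lists fields that
    differ at all, 'zeroed' those that were non-zero in the control and are
    exactly zero in the crafted output, 'label_preserved' whether class and
    confidence are untouched.  A crafted image_size moves only the box, so the
    row still passes any check that looks at class and confidence alone."""
    c = np.asarray(control, dtype=np.float32)
    m = np.asarray(malicious, dtype=np.float32)
    changed = [f for f, a, b in zip(FIELDS, c, m) if not np.isclose(a, b, atol=atol)]
    zeroed = [f for f, a, b in zip(FIELDS, c, m) if abs(a) > atol and abs(b) <= atol]
    return {"changed": changed, "zeroed": zeroed,
            "label_preserved": not any(f in LABEL_FIELDS for f in changed)}


def is_silent_collapse(report):
    """True when coordinates were zeroed but the detection still looks valid."""
    return bool(report["zeroed"]) and report["label_preserved"]


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Real run: python harness.py control.engine malicious.engine
        x = np.zeros((1, 3, 224, 224), dtype=np.float32)  # assumed input shape
        outs = [run_engine(p, x) for p in sys.argv[1:3]]
        name = sorted(outs[0])[0]  # assumption: this output tensor holds the boxes
        ctrl, mal = (first_detection(o[name]) for o in outs)
    else:
        # Constructed sample: the expected-result rows quoted in the PoC README.
        ctrl = [0.10000002, 0.10000002, 0.39999998, 0.39999998, 1.0, 0.95000005]
        mal = [0.0, 0.10000002, 0.0, 0.39999998, 1.0, 0.95000005]
    rep = collapse_report(ctrl, mal)
    print("first detection control  :", list(ctrl))
    print("first detection malicious:", list(mal))
    print("report:", rep, "silent collapse:", is_silent_collapse(rep))
```

Run it with no arguments to check the README's numbers offline, or with the two engine paths to reproduce on a GPU host. The GPU path is deliberately separated from the comparison so the same report can be fed from any runtime, which is the property a pre-deployment gate wants: a scanner verdict of "skipped" is not a pass, and a control-versus-candidate output diff catches what file inspection missed.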
Scanner result:
- modelscan 0.8.8: No issues found
- Skipped: Model Scan did not scan file
The "No issues found" verdict is not a clean bill of health: the second line shows the .engine file was skipped rather than inspected, so the crafted serialized parameters were never examined.