
llama.cpp DeepSeek-OCR window int overflow PoC

⚠️ Security research artifact — gated to ProtectAI/huntr triage. Malicious GGUF demonstrating signed integer overflow in llama.cpp tools/mtmd/models/deepseekocr.cpp.

Submission

huntr.com Model File Vulnerabilities (MFV) — submitted by heehee0219.

Source

Derived from ggml-org/DeepSeek-OCR-GGUF mmproj-DeepSeek-OCR-Q8_0.gguf with a single 4-byte attacker patch:

  • KV clip.vision.window_size value: 14 → 65536

Trigger

Loading this mmproj into llama-mtmd-cli triggers a signed integer overflow, detected by UBSan, at deepseekocr.cpp:84 during the warmup graph build: q_size * k_size = 65536 * 65536 wraps int32 to 0. The run then ends in ggml_abort.

deepseekocr.cpp:84:27: runtime error: signed integer overflow: 65536 * 65536 cannot be represented in type 'int'
SUMMARY: UBSAN: undefined-behavior
[Aborted]

See full huntr submission for details.
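
A pre-load check for the patched key described under Source and Trigger, as an added example that is not part of the original README or of llama.cpp. It assumes the GGUF v2/v3 header layout and, as in the trigger above, that both factors of the product equal `clip.vision.window_size`; `read_metadata`, `window_size_is_safe` and `build_sample` are hypothetical names, and a file without the key is reported as not safe.

```python
import struct

# GGUF value-type ids -> little-endian struct formats (GGUF v2/v3 layout)
SCALARS = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i",
           6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}
T_STRING, T_ARRAY, INT32_MAX = 8, 9, 2**31 - 1
KEY = "clip.vision.window_size"  # key named on this page

class Reader:
    def __init__(self, data, pos):
        self.data, self.pos = data, pos
    def take(self, fmt):  # raises struct.error on truncated input
        (v,) = struct.unpack_from(fmt, self.data, self.pos)
        self.pos += struct.calcsize(fmt)
        return v
    def string(self):
        n = self.take("<Q")
        if n > len(self.data) - self.pos:
            raise ValueError("string length exceeds file size")
        self.pos += n
        return self.data[self.pos - n:self.pos].decode("utf-8", "replace")
    def value(self, vtype):
        if vtype in SCALARS:
            return self.take(SCALARS[vtype])
        if vtype == T_STRING:
            return self.string()
        if vtype == T_ARRAY:
            etype, count = self.take("<I"), self.take("<Q")
            return [self.value(etype) for _ in range(count)]
        raise ValueError(f"unknown GGUF value type {vtype}")

def read_metadata(data):
    """Return the KV metadata of a GGUF blob without reading tensor data."""
    if data[:4] != b"GGUF":
        raise ValueError("not a GGUF file")
    r, kv = Reader(data, 4), {}
    _version, _tensors, kv_count = r.take("<I"), r.take("<Q"), r.take("<Q")
    for _ in range(kv_count):
        key = r.string()
        kv[key] = r.value(r.take("<I"))
    return kv

def window_size_is_safe(kv):
    """True only if window_size is a positive int whose square fits in int32."""
    w = kv.get(KEY)
    return isinstance(w, int) and not isinstance(w, bool) and 0 < w and w * w <= INT32_MAX

def build_sample(window):  # constructed input: v3 header, 0 tensors, one uint32 KV
    key = KEY.encode()
    return b"GGUF" + struct.pack("<IQQQ", 3, 0, 1, len(key)) + key + struct.pack("<II", 4, window)
```

Run on the original value 14 the check passes; on 65536 it fails, since 65536 * 65536 exceeds the int32 range.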