YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Joblib NumpyArrayWrapper Memory Exhaustion PoC
This PoC shows that a tiny file containing a built-in Joblib NumpyArrayWrapper
can make joblib.load() attempt a large NumPy allocation on the default load path.
What this PoC shows:
- the issue affects the standard
joblib.load()path, not only the legacy compatibility loader - the crafted file is tiny and contains only Joblib's own wrapper metadata
pickle.load()of the same file is inert, whilejoblib.load()reconstructs the wrapper and allocates
What this PoC does not show:
- arbitrary code execution
- filesystem read or write outside the loaded artifact
- a bypass of Joblib's documented warning that untrusted
joblib.load()inputs are unsafe
Runtime tested:
- Joblib commit
b030e4e1ed6a227c0e587c31b266c03b3b692372 - NumPy
2.3.5 - Python
3.14
Run reproduce.py to generate the tiny malicious artifact and trigger the allocation attempt.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support