YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Joblib NumpyArrayWrapper Memory Exhaustion PoC

This PoC shows that a tiny file containing a built-in Joblib NumpyArrayWrapper can make joblib.load() attempt a large NumPy allocation on the default load path.

What this PoC shows:

  • the issue affects the standard joblib.load() path, not only the legacy compatibility loader
  • the crafted file is tiny and contains only Joblib's own wrapper metadata
  • pickle.load() of the same file is inert, while joblib.load() reconstructs the wrapper and allocates

What this PoC does not show:

  • arbitrary code execution
  • filesystem read or write outside the loaded artifact
  • a bypass of Joblib's documented warning that untrusted joblib.load() inputs are unsafe

Runtime tested:

  • Joblib commit b030e4e1ed6a227c0e587c31b266c03b3b692372
  • NumPy 2.3.5
  • Python 3.14

Run reproduce.py to generate the tiny malicious artifact and trigger the allocation attempt.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support