File size: 923 Bytes
1136d27
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Joblib `NumpyArrayWrapper` Memory Exhaustion PoC

This PoC shows that a tiny file containing a built-in Joblib `NumpyArrayWrapper`
can make `joblib.load()` attempt a large NumPy allocation on the default load path.

What this PoC shows:
- the issue affects the standard `joblib.load()` path, not only the legacy compatibility loader
- the crafted file is tiny and contains only Joblib's own wrapper metadata
- `pickle.load()` of the same file is inert, while `joblib.load()` reconstructs the wrapper and allocates

What this PoC does not show:
- arbitrary code execution
- filesystem read or write outside the loaded artifact
- a bypass of Joblib's documented warning that untrusted `joblib.load()` inputs are unsafe

Runtime tested:
- Joblib commit `b030e4e1ed6a227c0e587c31b266c03b3b692372`
- NumPy `2.3.5`
- Python `3.14`

Run `reproduce.py` to generate the tiny malicious artifact and trigger the allocation attempt.