| # Joblib `NumpyArrayWrapper` Memory Exhaustion PoC | |
| This PoC shows that a tiny file containing a built-in Joblib `NumpyArrayWrapper` | |
| can make `joblib.load()` attempt a large NumPy allocation on the default load path. | |
| What this PoC shows: | |
| - the issue affects the standard `joblib.load()` path, not only the legacy compatibility loader | |
| - the crafted file is tiny and contains only Joblib's own wrapper metadata | |
| - `pickle.load()` of the same file is inert, while `joblib.load()` reconstructs the wrapper and allocates | |
| What this PoC does not show: | |
| - arbitrary code execution | |
| - filesystem read or write outside the loaded artifact | |
| - a bypass of Joblib's documented warning that untrusted `joblib.load()` inputs are unsafe | |
| Runtime tested: | |
| - Joblib commit `b030e4e1ed6a227c0e587c31b266c03b3b692372` | |
| - NumPy `2.3.5` | |
| - Python `3.14` | |
| Run `reproduce.py` to generate the tiny malicious artifact and trigger the allocation attempt. | |