# Joblib `NumpyArrayWrapper` Memory Exhaustion PoC This PoC shows that a tiny file containing a built-in Joblib `NumpyArrayWrapper` can make `joblib.load()` attempt a large NumPy allocation on the default load path. What this PoC shows: - the issue affects the standard `joblib.load()` path, not only the legacy compatibility loader - the crafted file is tiny and contains only Joblib's own wrapper metadata - `pickle.load()` of the same file is inert, while `joblib.load()` reconstructs the wrapper and allocates What this PoC does not show: - arbitrary code execution - filesystem read or write outside the loaded artifact - a bypass of Joblib's documented warning that untrusted `joblib.load()` inputs are unsafe Runtime tested: - Joblib commit `b030e4e1ed6a227c0e587c31b266c03b3b692372` - NumPy `2.3.5` - Python `3.14` Run `reproduce.py` to generate the tiny malicious artifact and trigger the allocation attempt.