| # ExecuTorch .pte Integer Overflow PoC | |
| **CWE-190**: Integer Overflow or Wraparound in segment offset arithmetic | |
| ## Vulnerability | |
| Multiple integer overflow vulnerabilities in ExecuTorch C++ runtime when parsing `.pte` model files. | |
| Unchecked arithmetic on segment offsets can wrap around, causing out-of-bounds memory access. | |
| **Distinct from CVE-2025-54952** which only patched `Program::LoadSegment()`. | |
| ## 3 Findings | |
| 1. `pte_data_map.cpp:58` β `PteDataMap::get_data()` | |
| 2. `bundled_program.cpp:79` β BundledProgram segment loading | |
| 3. `flatbuffer_program.cpp:119` β `FlatBufferProgram::load_segment()` | |
| ## Files | |
| - `overflow_poc.pte` β Crafted .pte file with overflow segment offsets | |
| - `exploit_pte.py` β PoC documentation script | |
| ## CVSS | |
| 7.8 High β AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |