# ExecuTorch .pte Integer Overflow PoC **CWE-190**: Integer Overflow or Wraparound in segment offset arithmetic ## Vulnerability Multiple integer overflow vulnerabilities in ExecuTorch C++ runtime when parsing `.pte` model files. Unchecked arithmetic on segment offsets can wrap around, causing out-of-bounds memory access. **Distinct from CVE-2025-54952** which only patched `Program::LoadSegment()`. ## 3 Findings 1. `pte_data_map.cpp:58` — `PteDataMap::get_data()` 2. `bundled_program.cpp:79` — BundledProgram segment loading 3. `flatbuffer_program.cpp:119` — `FlatBufferProgram::load_segment()` ## Files - `overflow_poc.pte` — Crafted .pte file with overflow segment offsets - `exploit_pte.py` — PoC documentation script ## CVSS 7.8 High — AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H