Hugging Face's logo

willardj
/
llamafile-crash-poc

llamafile
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

Llamafile ZIP Parser Crash PoC

CRASH-VULN-01: Local File Header Offset Overflow β†’ SIGBUS

A crafted .llamafile ZIP container with inflated namesize and extrasize fields in the local file header causes an unchecked offset overflow in llamafile_open_zip(), leading to an immediate SIGBUS crash.

Reproduce 

llamafile --cli -m poc_lfile_offset.llamafile --prompt "test"
# Exit code 138 (SIGBUS)

Files

  • poc_lfile_offset.llamafile β€” PoC file (132 bytes), crashes llamafile v0.10.0
  • poc_lfile_offset.py β€” Generator script
  • poc_size_overflow.llamafile β€” Secondary PoC (integer sign confusion)
  • poc_size_overflow.py β€” Generator script

Affected

llamafile v0.10.0 and all prior versions.

Downloads last month
-
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support