| # PoC: Integer Overflow in Arm NN TensorShape::GetNumElements() | |
| ## Vulnerability | |
| Integer overflow in `TensorShape::GetNumElements()` in ARM-software/armnn (v26.01 and earlier). | |
| ## Files | |
| - `poc_overflow.armnn` - Malicious Arm NN FlatBuffer model with dims [65536, 65537] | |
| - `poc_armnn_overflow.py` - Python script to generate the PoC model | |
| ## Impact | |
| Heap buffer over-read of ~4GB when loading and running inference on the crafted model. | |
| ## Details | |
| See the full report for details on the integer overflow in 32-bit unsigned multiplication. | |