GGUF Alignment Exploit (V-01 PoC)
This repository contains proof-of-concept GGUF files demonstrating an unpatched critical vulnerability (V-01) in llama.cpp's GGUF parser.
Files
- model.gguf: Malicious GGUF with general.alignment = 0x80000000
- benign_model.gguf: Normal GGUF with general.alignment = 32
Vulnerability
The general.alignment field in GGUF files is validated only for being
non-zero and a power of 2, but has NO upper bound check. Setting it to
very large values (e.g., 0x80000000) causes:
- Integer overflow in GGML_PAD() macro on 32-bit systems
- Arbitrary file seek + out-of-bounds read
- Potential heap corruption
This affects ALL llama.cpp versions and ALL downstream tools (ollama, LM Studio, llama-cpp-python, etc.)
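The missing bound and a hardened form of the check are shown below as an added example; it is not code from this repository or from llama.cpp. The names ASSUMED_MAX_ALIGNMENT, pad32 and data_offset_checked, the ceiling value and the sample offsets are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same expression as ggml's GGML_PAD: round x up to a multiple of n (n = power of 2). */
#define PAD(x, n) (((x) + (n) - 1) & ~((n) - 1))

/* Hypothetical ceiling chosen for this example; not a value from llama.cpp. */
#define ASSUMED_MAX_ALIGNMENT (1u << 20)

/* Models the check the page describes: non-zero and a power of 2, no upper bound. */
static bool alignment_ok_unbounded(uint32_t a) {
    return a != 0 && (a & (a - 1)) == 0;
}

/* Same check plus the missing upper bound. */
static bool alignment_ok_bounded(uint32_t a) {
    return alignment_ok_unbounded(a) && a <= ASSUMED_MAX_ALIGNMENT;
}

/* Padding done in 32-bit arithmetic, as on a target with a 32-bit size_t. */
static uint32_t pad32(uint32_t offset, uint32_t alignment) {
    return PAD(offset, alignment);
}

/* Hardened data-offset computation: bounded alignment, overflow-checked
 * padding, and a result that must lie inside the file. */
static bool data_offset_checked(uint64_t meta_end, uint32_t alignment,
                                uint64_t file_size, uint64_t *out) {
    if (!alignment_ok_bounded(alignment)) return false;
    if (meta_end > UINT64_MAX - (alignment - 1)) return false;
    uint64_t padded = PAD(meta_end, (uint64_t)alignment);
    if (padded > file_size) return false;
    *out = padded;
    return true;
}

int main(void) {
    /* Constructed inputs: metadata ends at byte 100 of a 4096-byte file. */
    uint64_t off = 0;
    printf("unbounded check accepts 0x80000000: %d\n", alignment_ok_unbounded(0x80000000u));
    printf("pad32(100, 0x80000000) = 0x%08x\n", (unsigned)pad32(100u, 0x80000000u));
    printf("pad32(0x80000001, 0x80000000) = 0x%08x (wrapped)\n",
           (unsigned)pad32(0x80000001u, 0x80000000u));
    printf("hardened, alignment 32: %d\n", data_offset_checked(100, 32, 4096, &off));
    printf("hardened, alignment 0x80000000: %d\n",
           data_offset_checked(100, 0x80000000u, 4096, &off));
    return 0;
}
```

The final comparison against the file size matters independently of the ceiling: it rejects any padded offset that lands past the end of the file, whatever alignment produced it.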