| tags: | |
| - llama | |
| - gguf | |
| - text-generation | |
| license: mit | |
| # GGUF Alignment Exploit (V-01 PoC) | |
| This repository contains proof-of-concept GGUF files demonstrating | |
| an unpatched critical vulnerability (V-01) in llama.cpp's GGUF parser. | |
| ## Files | |
| - `model.gguf` — Malicious GGUF with `general.alignment = 0x80000000` | |
| - `benign_model.gguf` — Normal GGUF with `general.alignment = 32` | |
| ## Vulnerability | |
| The `general.alignment` field in GGUF files is validated only for | |
| power-of-2 and non-zero, but has NO upper bound check. Setting it to | |
| very large values (e.g., 0x80000000) causes: | |
| - Integer overflow in `GGML_PAD()` macro on 32-bit systems | |
| - Arbitrary file seek + out-of-bounds read | |
| - Potential heap corruption | |
| This affects ALL llama.cpp versions and ALL downstream tools | |
| (ollama, LM Studio, llama-cpp-python, etc.) |