---
tags:
- llama
- gguf
- text-generation
license: mit
---

# GGUF Alignment Exploit (V-01 PoC)

This repository contains proof-of-concept GGUF files demonstrating an unpatched critical vulnerability (V-01) in llama.cpp's GGUF parser.

## Files

- `model.gguf` — Malicious GGUF with `general.alignment = 0x80000000`
- `benign_model.gguf` — Normal GGUF with `general.alignment = 32`

## Vulnerability

The `general.alignment` field in GGUF files is validated only for power-of-2 and non-zero, but has NO upper bound check. Setting it to very large values (e.g., 0x80000000) causes:

- Integer overflow in `GGML_PAD()` macro on 32-bit systems
- Arbitrary file seek + out-of-bounds read
- Potential heap corruption

This affects ALL llama.cpp versions and ALL downstream tools (ollama, LM Studio, llama-cpp-python, etc.).
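As an added example (not code from this repository or from llama.cpp), the C sketch below contrasts the check described under Vulnerability with one that adds an upper bound and overflow-checked padding. `pad32` is a stand-in that models a round-up-to-alignment macro in 32-bit arithmetic; `MAX_ALIGNMENT`, the function names, the sample offsets and the file size are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy cap for this example; not a value from the GGUF format. */
#define MAX_ALIGNMENT 4096u

/* Round x up to a multiple of n, in 32-bit arithmetic to model size_t on a
 * 32-bit target. Stand-in for a padding macro, not the ggml source. */
static uint32_t pad32(uint32_t x, uint32_t n) {
    return (x + n - 1u) & ~(n - 1u);
}

/* The check as the page describes it: non-zero and power of two only. */
static bool alignment_ok_weak(uint32_t a) {
    return a != 0 && (a & (a - 1u)) == 0;
}

/* Hardened check: same test plus an upper bound. */
static bool alignment_ok_strict(uint32_t a) {
    return alignment_ok_weak(a) && a <= MAX_ALIGNMENT;
}

/* Pad in 64 bits; fail if the alignment is rejected, the sum would wrap,
 * or the padded offset lies beyond the end of the file. */
static bool pad_checked(uint64_t off, uint32_t a, uint64_t file_size, uint64_t *out) {
    if (!alignment_ok_strict(a)) return false;
    uint64_t mask = (uint64_t)a - 1u;
    if (off > UINT64_MAX - mask) return false;
    uint64_t padded = (off + mask) & ~mask;
    if (padded > file_size) return false;
    *out = padded;
    return true;
}

int main(void) {
    const uint32_t big = 0x80000000u;   /* alignment value from the page */
    const uint64_t file_size = 4096;    /* constructed sample file size */
    uint64_t out = 0;
    printf("weak accepts big:    %d\n", alignment_ok_weak(big));
    printf("strict accepts big:  %d\n", alignment_ok_strict(big));
    printf("pad32(100, big):     %#x\n", (unsigned)pad32(100u, big));
    printf("pad32(0x80000001):   %#x\n", (unsigned)pad32(0x80000001u, big));
    printf("checked(100, 32):    %d\n", pad_checked(100, 32u, file_size, &out));
    printf("checked(100, big):   %d\n", pad_checked(100, big, file_size, &out));
    return 0;
}
```

The weak check accepts `0x80000000`, after which padding either lands 2 GiB past a small file or wraps to an offset below the original one; the strict check and `pad_checked` reject both cases before any seek happens.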