GGUF Deserialization PoC - Metadata String Length
⚠️ This is not a real machine learning model.
This repository contains a maliciously crafted GGUF file that demonstrates a
deserialization vulnerability in GGUF model loading as implemented in llama.cpp.
Summary
The GGUF file poc_strlen_overflow.gguf contains attacker-controlled metadata
string length fields. When the file is loaded by a GGUF consumer, these length
values are used directly during deserialization to allocate memory without
sufficient upper-bound validation.
This causes unsafe memory allocation behavior during model load and results in deterministic process termination or memory exhaustion before inference.
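An upper-bound check of the kind described above, as an added Python example (not code from this repository or from llama.cpp): it walks the metadata section and rejects any string length or element count that cannot fit in the bytes remaining in the file, which goes slightly beyond string lengths to cover counts as well. It assumes the little-endian GGUF v2/v3 layout (magic, u32 version, u64 tensor count, u64 key/value count, then pairs); `Reader`, `skip_value`, `metadata_keys` and `sample_file` are names made up for this example.

```python
import struct

SCALAR_SIZE = {0: 1, 1: 1, 2: 2, 3: 2, 4: 4, 5: 4, 6: 4, 7: 1, 10: 8, 11: 8, 12: 8}  # type id -> bytes
T_STRING, T_ARRAY = 8, 9

class GGUFError(ValueError): pass  # a declared length or count cannot fit in the file

class Reader:
    def __init__(self, data): self.data, self.pos = data, 0
    def remaining(self): return len(self.data) - self.pos
    def take(self, n):  # refuse any declared size larger than the bytes actually left
        if n > self.remaining():
            raise GGUFError(f"{n} bytes declared at offset {self.pos}, {self.remaining()} left")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u32(self): return struct.unpack("<I", self.take(4))[0]
    def u64(self): return struct.unpack("<Q", self.take(8))[0]
    def string(self): return self.take(self.u64())  # u64 length prefix, then the bytes
    def count(self, min_item_size):  # element count that must fit in what is left
        n = self.u64()
        if n * min_item_size > self.remaining():
            raise GGUFError(f"count {n} cannot fit in {self.remaining()} bytes")
        return n

def skip_value(r, vtype, n=1, depth=0):  # skip n values of one type, checking every length
    if vtype == T_STRING:
        for _ in range(n): r.string()
    elif vtype in SCALAR_SIZE:
        r.take(n * SCALAR_SIZE[vtype])
    elif vtype == T_ARRAY and depth == 0:  # nested arrays are rejected by this example
        etype = r.u32()
        skip_value(r, etype, r.count(SCALAR_SIZE.get(etype, 8)), depth + 1)
    else:
        raise GGUFError(f"unsupported value type {vtype}")

def metadata_keys(data):
    r = Reader(data)
    if r.take(4) != b"GGUF" or r.u32() not in (2, 3):
        raise GGUFError("not a little-endian GGUF v2/v3 file")
    r.u64()  # tensor_count, not needed for the metadata walk
    keys = []
    for _ in range(r.count(12)):  # each pair needs >= 8 (key length) + 4 (type id) bytes
        keys.append(r.string().decode("utf-8", "replace"))
        skip_value(r, r.u32())
    return keys

def sample_file(declared_len=5):  # constructed input: one string pair, value b"llama"
    head = b"GGUF" + struct.pack("<IQQQ", 3, 0, 1, 20) + b"general.architecture"
    return head + struct.pack("<IQ", T_STRING, declared_len) + b"llama"
```

Running `metadata_keys` over the raw bytes of an untrusted file before handing it to a loader gives a cheap pre-flight gate; a `GGUFError` means a length field disagrees with the file size.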
Affected Software
- llama.cpp
- GGUF model file format
Reproduction
From the project root of a llama.cpp build:
./llama.cpp/build/bin/llama-gguf poc_strlen_overflow.gguf r