TFLite FlatSize() Integer Overflow PoC
Security Research - Vulnerability Proof of Concept
Vulnerability: Integer Overflow in RuntimeShape::FlatSize() (CWE-190 → CWE-122)
TFLite's RuntimeShape::FlatSize() multiplies all tensor dimensions into a 32-bit int
with ZERO overflow checking. The result feeds directly into memcpy size parameters in 30+
operator implementations, enabling heap buffer overflow.
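An overflow-checked version of the size computation and a guarded copy, as an added example; it is not TFLite code and not part of this repository. The function names and the sample shape are hypothetical, and the caller is assumed to supply a source buffer at least as large as the computed byte size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked 32-bit product, as the page describes. Computed in uint32_t so the
 * wraparound is well defined here (signed overflow is undefined behaviour). */
static uint32_t flat_size_wrapping(const int32_t *dims, int n) {
    uint32_t acc = 1;
    for (int i = 0; i < n; i++) acc *= (uint32_t)dims[i];
    return acc;
}

/* Checked product: 0 on success, -1 on a negative dimension or a result that
 * does not fit in int32_t. acc stays <= INT32_MAX, so int64_t cannot overflow. */
static int flat_size_checked(const int32_t *dims, int n, int32_t *out) {
    int64_t acc = 1;
    for (int i = 0; i < n; i++) {
        if (dims[i] < 0) return -1;
        acc *= dims[i];
        if (acc > INT32_MAX) return -1;
    }
    *out = (int32_t)acc;
    return 0;
}

/* Copy a tensor only if its checked byte size fits the destination buffer.
 * Assumes src holds at least that many bytes. */
static int tensor_copy_checked(void *dst, size_t dst_cap, const void *src,
                               const int32_t *dims, int n, size_t elem_size) {
    int32_t count;
    if (flat_size_checked(dims, n, &count) != 0) return -1;
    if (elem_size != 0 && (size_t)count > SIZE_MAX / elem_size) return -1;
    size_t bytes = (size_t)count * elem_size;
    if (bytes > dst_cap) return -1;
    memcpy(dst, src, bytes);
    return 0;
}

int main(void) {
    const int32_t shape[2] = {65536, 65536}; /* constructed: true product is 2^32 */
    int32_t count = 0;
    printf("wrapping: %u\n", (unsigned)flat_size_wrapping(shape, 2));
    printf("checked:  %s\n", flat_size_checked(shape, 2, &count) ? "rejected" : "ok");
    return 0;
}
```

The wrapped product no longer matches the true element count, which is why a size derived from it cannot be trusted as a copy length; the checked path rejects the shape before any copy happens.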
Files
poc_generator.py - Script to generate malicious .tflite files
README.md - This file
Impact
Heap buffer overflow when loading and running inference on a malicious .tflite model.