Keras Native .keras OOM PoC (CWE-789)

Crafted .keras model file that triggers uncontrolled memory allocation when loaded with keras.saving.load_model().

Files

  • malicious.keras (1,598 bytes) - Triggers 1.86 GB allocation
  • keras_oom_poc.py - Generator script and PoC

Reproduction

pip install keras h5py numpy
python keras_oom_poc.py

Details

  • CWE-789: Memory Allocation with Excessive Size Value
  • Affected: Keras 3.x (confirmed on 3.14.0)
  • Amplification: 1,251,564x (1,598 bytes to 1.86 GB)
  • Root cause: H5IOStore.__getitem__() allocates based on h5 dataset shape without validation
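
A pre-load check for the root cause above, as an added example that is not part of this PoC repository or of Keras: it reads only HDF5 shape and dtype metadata and compares the declared allocation with a budget before keras.saving.load_model() is called. It assumes the weights are stored as model.weights.h5 inside the .keras zip archive; the function names and the 512 MiB budget are hypothetical.

```python
import io
import math
import sys
import zipfile

import h5py

WEIGHTS_MEMBER = "model.weights.h5"  # weights store inside a .keras zip archive
DEFAULT_BUDGET = 512 * 1024 * 1024   # assumed cap in bytes; tune per deployment


def declared_weight_bytes(keras_path, max_member_bytes=DEFAULT_BUDGET):
    """Return (total_bytes, {dataset_name: bytes}) from HDF5 metadata only."""
    with zipfile.ZipFile(keras_path) as archive:
        info = archive.getinfo(WEIGHTS_MEMBER)
        # Refuse to decompress a member whose declared size is already too big.
        if info.file_size > max_member_bytes:
            raise ValueError(f"{WEIGHTS_MEMBER} expands to {info.file_size} bytes")
        raw = archive.read(info)

    sizes = {}

    def visit(name, obj):
        # Shape and dtype come from the dataset header; no element data is read.
        if isinstance(obj, h5py.Dataset):
            count = 0 if obj.shape is None else math.prod(obj.shape)
            sizes[name] = count * obj.dtype.itemsize

    with h5py.File(io.BytesIO(raw), "r") as weights:
        weights.visititems(visit)
    return sum(sizes.values()), sizes


def is_within_budget(keras_path, budget=DEFAULT_BUDGET):
    """True if the archive's declared weight allocations fit in `budget` bytes."""
    try:
        total, _ = declared_weight_bytes(keras_path, max_member_bytes=budget)
    except ValueError:
        return False  # the zip member alone already exceeds the budget
    return total <= budget


if __name__ == "__main__":
    # Usage: python check_keras.py model.keras  (script name is hypothetical)
    total, sizes = declared_weight_bytes(sys.argv[1])
    for name, size in sorted(sizes.items(), key=lambda kv: -kv[1])[:5]:
        print(f"{size:>14,d}  {name}")
    print("OK" if total <= DEFAULT_BUDGET else f"REJECT: {total:,d} bytes declared")
```

Run the check on untrusted .keras files and call load_model() only when it passes; a container or process memory limit remains the backstop for anything the metadata check does not cover.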