YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
OpenVINO shape_size() Integer Overflow PoC
Vulnerability
CWE-190 integer overflow in shape_size() (shape.hpp:87) bypasses the consistency check
in xml_deserialize_util.cpp:916, allowing a crafted OpenVINO IR model with mismatched
shape/data to load successfully, causing OOM (CWE-789) on compilation.
Files
create_poc.pyโ Creates the crafted model files (overflow_poc.xml + overflow_poc.bin)exploit.pyโ Loads the model and demonstrates the bypassed checkexploit_v3.pyโ Extended PoC showing OOM on compile_model()overflow_poc.xmlโ Crafted IR v11 model (782 bytes)overflow_poc.binโ Minimal weights (4 bytes)
Reproduction
pip install openvino
python3 create_poc.py
python3 exploit_v3.py
Expected Output
[1] Loading model...
Loaded: 2 ops
Constant shape: [4611686018427387904], type: <Type: 'float32'>
[2] Attempting compile...
MemoryError during compile: std::bad_alloc
Affected
- OpenVINO 2026.1.0-21367 (latest)
- All versions using unchecked shape_size() in IR deserialization
Fix
Replace shape_size() with shape_size_safe() in xml_deserialize_util.cpp:916
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support