TensorRT ONNX Parser Heap OOB Read PoC
Security research PoC β DO NOT USE AS A REAL MODEL.
Files
poc_heap_overflow.pyβ Python script that crafts malicious .onnx files and triggers OOB readspoc_external_oob.onnxβ Crafted ONNX model with external weights offset past file boundarypoc_double_oob.onnxβ Crafted ONNX model with shape/data count mismatch (convertDouble OOB)weights.binβ 16-byte external weights file used by poc_external_oob.onnx
Reproduce
pip install tensorrt==10.15.1 onnx
python poc_heap_overflow.py
What it does
Finding A: External weights with offset=999999 on a 16-byte file β parser succeeds silently with OOB pointer. Finding B: shape=[50,50] with only 4 doubles β convertDouble reads 2496 heap elements, garbage visible in TRT warnings.
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support