YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

CWE-789 -- Unbounded Memory Allocation via n_dims Before Bounds Check

Field Value
Target Mozilla-Ocho/llamafile v0.10.3 (stable-diffusion.cpp submodule)
File stable-diffusion.cpp/src/model_io/gguf_reader_ext.h line 150
CWE CWE-789 Uncontrolled Memory Allocation
CVSS 5.5 Medium (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Status READY TO SUBMIT
Est. payout $1,500

Root cause (one line)

info.shape.resize(n_dims) fires at line 150 BEFORE the bounds check at line 156; n_dims=UINT32_MAX attempts ~34 GB alloc, throws std::bad_alloc which escapes catch(std::runtime_error) at line 217.

Reproduction

python3 poc_cwe789_n_dims.py /tmp/poc.gguf
../test_harness /tmp/poc.gguf
# -> terminate called after throwing an instance of 'std::bad_alloc'
#    Aborted (core dumped)  exit 134

Files

File Purpose
poc_cwe789_n_dims.py PoC generator -- produces 37-byte malicious GGUF
submission.md Full technical writeup (sanitized for huntr renderer)
report.md Plain prose for huntr form description field (zero markdown)
poc-evidence.html Self-contained HTML evidence page with terminal output
README.md This file
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support