You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

llama.cpp Qwen2-VL positions vector heap-OOB PoC

⚠️ Security research artifact — gated to ProtectAI/huntr triage. Malicious GGUF demonstrating heap-buffer-overflow WRITE in llama.cpp tools/mtmd/clip.cpp.

Submission

huntr.com Model File Vulnerabilities (MFV) — submitted by heehee0219.

Source

Derived from ggml-org/Qwen2-VL-2B-Instruct-GGUF mmproj-Qwen2-VL-2B-Instruct-Q8_0.gguf with a single 4-byte attacker patch:

KV clip.vision.spatial_merge_size set to 1 (defaults to 2 for Qwen2-VL)
Net file delta: 32 bytes

Trigger

Loading this mmproj into llama-mtmd-cli and running inference on any image triggers heap-buffer-overflow WRITE in clip_image_batch_encode() at tools/mtmd/clip.cpp:3525-3548 (HEAD f3e8d149c).

ASAN output:

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x52b000006600
WRITE of size 4 at 0x52b000006600 thread T0
    #0 clip_image_batch_encode tools/mtmd/clip.cpp:2998:66
SUMMARY: AddressSanitizer: heap-buffer-overflow ... clip.cpp:2998:66

See full huntr submission for details.

Downloads last month: 2

GGUF

Hardware compatibility

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support