YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

huntr PoC โ€” Heap out-of-bounds read in libnetcdf nc_get_NC / ncx_get_uint64 (CWE-125)

Malicious model file: netcdf_numrecs_oob.nc (9 bytes, SHA-256 7861fabc09d7f08d3bde76512f49033dc05ecea932ae9c95ccd8565eddfdb9ab)

Bytes: 43 44 46 05 00 00 00 00 00 (CDF\x05 classic-format magic + truncated numrecs).

Opening this crafted NetCDF (.nc) file triggers a heap out-of-bounds read while parsing the numrecs header field via ncx_get_uint64() from nc_get_NC() (libsrc/v1hpg.c:1539), during file open. n-day variant: the read occurs before the pending assert fix (#3376/#3377) lands at v1hpg.c:1549, so the proposed patch does not prevent the over-read.

This repository hosts the proof-of-concept artifact for a huntr Model File Format disclosure.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐Ÿ™‹ Ask for provider support