GGUF Python Reader - DoS + Integer Overflow PoC
Vulnerabilities
1. Stack Overflow via Nested Arrays (RecursionError)
- File: dos_recursion.gguf (12 KB)
- Impact: Crashes any Python application using GGUFReader
- Root cause: _get_field_parts() recurses for nested ARRAY types with NO depth limit
- Affected code: gguf/gguf_reader.py line 248
2. CPU Exhaustion via Large Array Count
- File: dos_cpu_exhaust.gguf (58 bytes)
- Impact: Infinite loop / CPU hang from a tiny file
- Root cause: for idx in range(alen[0]) with attacker-controlled count (up to 2^64-1)
- Affected code: gguf/gguf_reader.py line 247
3. Integer Overflow in np.prod()
- File: integer_overflow.gguf (160 bytes)
- Impact: Wrong tensor element count → wrong memory access / crash
- Root cause: np.prod(dims) overflows silently for uint64 arrays
- Affected code: gguf/gguf_reader.py line 329
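The three root causes above can be screened for before a file reaches GGUFReader. The following is an added example, not code from the gguf package or from this PoC: the names skip_value and checked_element_count and the MAX_DEPTH limit are assumptions chosen for illustration, while the type codes and the little-endian array header layout (uint32 item type, uint64 count) follow the GGUF specification.

```python
import struct

# Fixed-width GGUF metadata value types -> size in bytes (per the GGUF spec).
SCALAR_SIZE = {0: 1, 1: 1, 2: 2, 3: 2, 4: 4, 5: 4, 6: 4, 7: 1, 10: 8, 11: 8, 12: 8}
T_STRING, T_ARRAY = 8, 9
MAX_DEPTH = 4  # assumed policy limit, not a value from the GGUF spec
UINT64_MAX = 2**64 - 1

def _unpack(fmt, buf, off):
    try:
        return struct.unpack_from(fmt, buf, off)
    except struct.error as exc:
        raise ValueError("truncated value header") from exc

def skip_value(buf, off, vtype, depth=0):
    """Return the offset just past one metadata value, or raise ValueError."""
    if vtype == T_ARRAY:
        if depth >= MAX_DEPTH:
            raise ValueError("array nesting exceeds MAX_DEPTH")
        itype, count = _unpack("<IQ", buf, off)
        off += 12
        # Each element takes at least 1 byte: reject impossible counts before looping.
        if count > len(buf) - off:
            raise ValueError("array count exceeds remaining bytes")
        for _ in range(count):
            off = skip_value(buf, off, itype, depth + 1)
        return off
    if vtype == T_STRING:
        end = off + 8 + _unpack("<Q", buf, off)[0]
    elif vtype in SCALAR_SIZE:
        end = off + SCALAR_SIZE[vtype]
    else:
        raise ValueError(f"unknown value type {vtype}")
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return end

def checked_element_count(dims):
    """Multiply tensor dims as unbounded Python ints; reject uint64 wraparound."""
    n = 1
    for d in dims:
        n *= int(d)
        if n > UINT64_MAX:
            raise ValueError("tensor element count overflows uint64")
    return n

# Constructed samples (not the PoC files from this page).
GOOD = struct.pack("<IQ3I", 4, 3, 10, 20, 30)  # array of three uint32 values
HUGE = struct.pack("<IQ", 4, UINT64_MAX)       # 12-byte header, impossible count
```

Because every element consumes at least one byte, the count check bounds total work by the file size, and the depth check keeps recursion far below Python's interpreter limit.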
Reproduction
pip install gguf numpy
python3 poc.py
Affected
- Package: gguf (PyPI)
- All versions using GGUFReader