GGUF Python Reader -- Missing Bounds Checks (DoS)
Summary
The Python GGUF reader in llama.cpp's gguf-py library lacks the bounds
checks on input that the C++ implementation has, allowing a maliciously
crafted GGUF file to cause denial of service through excessive memory
allocation or infinite looping.
The C++ parser caps string lengths and array counts at 1 GiB (GGUF_MAX_STRING_LENGTH, GGUF_MAX_ARRAY_ELEMENTS). The Python parser has no equivalent checks.
Affected code
- Repository: https://github.com/ggerganov/llama.cpp
- File: gguf-py/gguf/gguf_reader.py
- Commit tested: aa50b2c2ae91326d5aad956ceeb015d1d48e626b
PoC file
malicious_gguf.gguf -- a 44-byte file that declares 100 million key-value
pairs in its header, causing the parser to iterate endlessly.
Reproduction
pip install gguf numpy
python reproduce.py
Expected: the script hangs indefinitely trying to parse a 44-byte file.
Impact
Any Python application using GGUFReader on untrusted GGUF files is
affected. This includes CLI tools shipped with gguf-py and any application
that loads GGUF models from user-supplied paths.
Fix
Add the bounds checks from the C++ implementation to the Python reader:
- Maximum string length
- Maximum array element count
- KV pair and tensor count validation before iteration
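One way to apply the count and length validation listed above, as an added example (not code from llama.cpp or gguf-py). It goes one step beyond a fixed cap by also rejecting any declared count or length that cannot fit in the bytes actually present. The names check_header, read_length, header_ok and GGUFBoundsError, the minimum entry sizes, and the little-endian GGUF v2/v3 header layout are assumptions of this example.

```python
import struct

# Assumptions: little-endian GGUF v2/v3 layout; the limit mirrors the 1 GiB cap cited above.
HEADER = struct.Struct("<4sIQQ")      # magic, version, tensor_count, kv_count
MIN_KV_BYTES = 8 + 4 + 1              # key length + value type + smallest scalar value
MIN_TENSOR_BYTES = 8 + 4 + 4 + 8      # name length + n_dims + tensor type + data offset
MAX_LEN = 1 << 30


class GGUFBoundsError(ValueError):
    """Raised when a declared size cannot fit in the bytes actually present."""


def check_header(data: bytes) -> tuple[int, int]:
    """Return (tensor_count, kv_count), or raise before any per-entry loop starts."""
    if len(data) < HEADER.size:
        raise GGUFBoundsError("file shorter than the GGUF header")
    magic, version, n_tensors, n_kv = HEADER.unpack_from(data, 0)
    if magic != b"GGUF" or version not in (2, 3):
        raise GGUFBoundsError("not a little-endian GGUF v2/v3 file")
    remaining = len(data) - HEADER.size
    # Every declared entry occupies at least its minimum encoding on disk.
    if n_kv * MIN_KV_BYTES + n_tensors * MIN_TENSOR_BYTES > remaining:
        raise GGUFBoundsError(
            f"{n_kv} KV pairs and {n_tensors} tensors cannot fit in {remaining} bytes")
    return n_tensors, n_kv


def read_length(data: bytes, offset: int, elem_size: int = 1) -> int:
    """Read a uint64 string length or array count and reject impossible values."""
    end = offset + 8
    if offset < 0 or end > len(data):
        raise GGUFBoundsError("length field runs past end of file")
    (n,) = struct.unpack_from("<Q", data, offset)
    if n > MAX_LEN or n * elem_size > len(data) - end:
        raise GGUFBoundsError(f"declared length {n} exceeds limit or remaining bytes")
    return n


def header_ok(data: bytes) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        check_header(data)
        return True
    except GGUFBoundsError:
        return False
```

Until the reader itself validates these fields, a caller can run check_header on an untrusted file before constructing GGUFReader; both functions accept an mmap of the file as well as bytes, so large models need not be read into memory.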