ollm (oLLM) header DoS β€” PoC model file

Security proof-of-concept for a Denial-of-Service in Mega4alik/ollm (PyPI ollm, commit 6d1705a). Reported via huntr's Model File Vulnerability program.

oLLM ships its own hand-rolled safetensors parser (SafeTensorReader) with zero header validation. model.safetensors is a 13-byte file whose header is not valid JSON. Loading it through the parser crashes the process with an uncaught json.JSONDecodeError, at model-load time, before any tensor data is read. This affects any app using ollm to load a model (its core use case β€” it streams models downloaded from the Hugging Face Hub).

Reproduce

pip install ollm β€” no GPU required, crash precedes any torch/CUDA op:

from ollm.gds_loader import SafeTensorReader
SafeTensorReader("model.safetensors")
# -> json.decoder.JSONDecodeError   (uncaught -> loader crash)
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support