YAML Metadata Warning: empty or missing yaml metadata in repo card (https://huggingface.co/docs/hub/model-cards#model-card-metadata)
PoC: ExecuTorch Out-of-bounds Read via Crafted .pte File
Vulnerability
Out-of-bounds heap read in ExecuTorch Program::load() and metadata accessors when processing a crafted .pte file. The default loading path (Verification::Minimal) does not run the FlatBuffers Verifier, so crafted offsets cause SIGSEGV when accessing program metadata.
CWE: CWE-125 (Out-of-bounds Read)
Tested: executorch==1.1.0 (pip), source commit a17428b33d7cdb0bc4b4917da4e487dbcfe4173d
Reproduction
pip install executorch==1.1.0
python3 reproduce.py
Expected output:
[*] Testing: poc_flatbuf_oob.pte (64 bytes)
Loading program... (should crash)
Segmentation fault (core dumped)
Files
poc_flatbuf_oob.pteโ 64-byte crafted .pte file (triggers SEGV inget_execution_plan()viastrcmpon invalid pointer)poc_vtable_oob.pteโ 64-byte crafted .pte file (triggers SEGV inget_method_name()via invalid VTable offset)reproduce.pyโ Self-contained Python reproduction script
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support