YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
NumPy .npy OOM Denial of Service PoC
Vulnerability
Memory Exhaustion via Crafted .npy File Header (CWE-789 / CWE-190)
File: numpy/lib/_format_impl.py, line 860 Impact: A ~128-byte .npy file triggers multi-gigabyte memory allocation, crashing the process
Files
oom_bomb_8gb.npyโ 128 bytes, requests 8 GB allocationoom_bomb_16gb.npyโ 128 bytes, requests 16 GB allocationoom_bomb_dtype.npyโ 128 bytes, requests 2 GB via large dtype
How to reproduce
import numpy as np
# WARNING: This will attempt to allocate 8 GB of memory
arr = np.load('oom_bomb_8gb.npy', allow_pickle=False)
Root Cause
numpy.load() reads shape and dtype from the file header and allocates memory before reading any data. No size limit check exists.
Inference Providers NEW
This model isn't deployed by any Inference Provider. ๐ Ask for provider support