YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
OpenVINO Integer Overflow PoC β INTOVFL-VULN-01
Vulnerability
Integer overflow in IR model deserializer bounds check at xml_deserialize_util.cpp lines 840 and 907.
The offset and size attributes in the model XML are parsed as uint64 via get_uint64_attr(). The bounds check uses offset + size which wraps around on overflow, allowing out-of-bounds memory access.
PoC Model
poc_overflow.xml contains a Const layer with:
offset="18446744073709551360"(0xFFFFFFFFFFFFFF00)size="512"(0x200)
When added: 0xFFFFFFFFFFFFFF00 + 0x200 = 0x100 (overflow wraps to 256).
The bounds check m_weights->size() < offset + size evaluates as 256 < 256 β FALSE β check passes.
The subsequent get_ptr<char>() + 0xFFFFFFFFFFFFFF00 dereferences memory far beyond the buffer.
Reproduction
import openvino as ov
core = ov.Core()
model = core.read_model("poc_overflow.xml", "poc_overflow.bin")
# Triggers out-of-bounds read or crash
Impact
Out-of-bounds memory read (information disclosure or crash) when loading crafted model files from untrusted sources (HuggingFace, ONNX Model Zoo, etc.).
CWE
CWE-190 (Integer Overflow) β CWE-125 (Out-of-bounds Read)
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H β 8.6