ollm (oLLM) header DoS β PoC model file
Security proof-of-concept for a Denial-of-Service in
Mega4alik/ollm (PyPI ollm, commit 6d1705a).
Reported via huntr's Model File Vulnerability program.
oLLM ships its own hand-rolled safetensors parser (SafeTensorReader) with zero
header validation. model.safetensors is a 13-byte file whose header is not valid
JSON. Loading it through the parser crashes the process with an uncaught
json.JSONDecodeError, at model-load time, before any tensor data is read. This
affects any app using ollm to load a model (its core use case β it streams models
downloaded from the Hugging Face Hub).
Reproduce
pip install ollm β no GPU required, crash precedes any torch/CUDA op:
from ollm.gds_loader import SafeTensorReader
SafeTensorReader("model.safetensors")
# -> json.decoder.JSONDecodeError (uncaught -> loader crash)
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support