ExecuTorch .pte Integer Overflow PoC
CWE-190: Integer Overflow or Wraparound in segment offset arithmetic
Vulnerability
The ExecuTorch C++ runtime contains multiple integer overflow vulnerabilities in its parsing of .pte model files.
Unchecked arithmetic on segment offsets can wrap around, causing out-of-bounds memory access.
These findings are distinct from CVE-2025-54952, whose fix only patched Program::LoadSegment().
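The wraparound described above, shown as an added example that is not ExecuTorch source and is not taken from the PoC files: an additive bounds check on untrusted 64-bit offsets next to a subtraction-based check that cannot wrap. `SegmentRef`, `in_bounds_unchecked` and `in_bounds_checked` are hypothetical names, and the file size, base and segment values are constructed.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical names throughout; this is not ExecuTorch source.
// A segment is described by an offset (relative to a segment base) and a
// size, both read from the untrusted file.
struct SegmentRef {
    uint64_t offset;
    uint64_t size;
};

// Unchecked form: the sum is computed modulo 2^64, so a huge offset or size
// wraps to a small value and the comparison passes.
bool in_bounds_unchecked(uint64_t base, SegmentRef s, uint64_t file_size) {
    return base + s.offset + s.size <= file_size;
}

// Checked form: never add untrusted values together; compare each one against
// the space that remains, so no intermediate result can wrap.
bool in_bounds_checked(uint64_t base, SegmentRef s, uint64_t file_size) {
    if (base > file_size) return false;
    uint64_t remaining = file_size - base;
    if (s.offset > remaining) return false;
    remaining -= s.offset;
    return s.size <= remaining;
}

int main() {
    const uint64_t file_size = 4096, base = 1024;      // constructed values
    const SegmentRef cases[] = {
        {512, 256},                 // well-formed segment
        {UINT64_MAX - 1023, 16},    // base + offset wraps to 0
        {0, UINT64_MAX},            // base + size wraps to 1023
    };
    for (const SegmentRef& s : cases) {
        std::printf("offset=%llu size=%llu unchecked=%d checked=%d\n",
                    (unsigned long long)s.offset, (unsigned long long)s.size,
                    in_bounds_unchecked(base, s, file_size),
                    in_bounds_checked(base, s, file_size));
    }
    return 0;
}
```

Both wrapping segments pass the additive check and are rejected by the subtraction-based one; the well-formed segment is accepted by both.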
3 Findings
- pte_data_map.cpp:58 - PteDataMap::get_data()
- bundled_program.cpp:79 - BundledProgram segment loading
- flatbuffer_program.cpp:119 - FlatBufferProgram::load_segment()
Files
- overflow_poc.pte - Crafted .pte file with overflow segment offsets
- exploit_pte.py - PoC documentation script
CVSS
7.8 High - AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H