CVE-2026-54235

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

PT-2026-50490

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description Temperature validation gates use comparison operators that silently evaluate to False when encountering NaN Not a Number or positive Infinity due to Python's IEEE 754 float semantics. These values...

GHSA-QG8R-F7X3-25F7 imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling

A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...

PT-2026-38488

A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...

RUSTSEC-2026-0117 Fragile bounds check when sampling from image

A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...

Fragile bounds check when sampling from image

A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...

EUVD-2026-21412

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

OPENSUSE-RU-2026:20168-1 Recommended update for gimp

This update for gimp fixes the following issues: Changes in gimp: - Update to 3.0.8 - Font Loading Performance - Improvements in start-up time for users with a large number of fonts was backported from our 3.2 RC2 release. As a result, we now wait to load images until fonts are initialized - this...

CVE-2026-24856 iccDEV has UB runtime error in <icTagTypeSignature>

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...

transfig security update

1:3.2.6a-5 - Detect nan in spline control values - Fix for CVE-2025-46397...

transfig security update

1:3.2.7b-11 - Detect nan in spline control values - CVE-2025-46397...

SUSE-SU-2025:03450-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2019-6461: Avoid assert when drawing arcs with NaN angles. bsc1122338 - CVE-2025-50422: Fix NULL pointer access in activeedgestotraps leading to crash in Poppler. bsc1247589...

Linux Distros Unpatched Vulnerability : CVE-2024-53427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflo...

SUSE-SU-2025:02677-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2019-6461: avoid assert when drawing arcs with NaN angles bsc1122338...

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits).

...

ALPINE-CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

SUSE CVE-2017-14245

An out of bounds read in the function d2alawarray in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values...

GHSA-XRP2-FHQ4-4Q3W Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow

Impact The implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain NaN elements: python import tensorflow as tf import numpy as np tf.histogramfixedwidthvalues=np.nan, valuerange=1,2 The implementation assumes that all floating point operations are defined...

An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure related to mishandling of the NAN and INFINITY floating-point values.

...