CVE-2026-5497 Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

PT-2026-48638

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.load base64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG...

GHSA-PQ5C-RJHQ-QP7P vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

Summary The VideoMediaIO.loadbase64 method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The numframes parameter default: 32, which is enforced by the loadbytes code path at line 47-48, is...

Fixed vulnerability in AIDE (Advanced Indtrusion Detection Environment)

A vulnerability has been fixed in AIDE Advanced Intrusion Detection Environment. Due to a flaw in the way base64 data is is processed, a local malicious agent can cause a denial-of-service cause, or potentially execute arbitrary code under the rights of the application. -= SUSE =- SUSE has made...

The vulnerability of the base64D function in the STMP listener component of the Exim mail server allows a attacker to execute arbitrary code.

The vulnerability of the base64 component of the STMP listener in the Exim mail server arises from buffer overflows during data processing, where the size of the buffer is not a multiple of 4 4n + 3. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code...