
5 matches found

Vulnrichment
added 2026/06/11 8:31 a.m. | 8 views

CVE-2026-5497 Unbounded Frame Count in video/jpeg Base64 Data URL Processing Leads to OOM DoS in vllm-project/vllm

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the VideoMediaIO.load_base64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00543
Exploits: 1 | References: 2
Positive Technologies
added 2026/06/11 12:0 a.m. | 12 views

PT-2026-48638

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.8.0 and later. Description: An Out-of-Memory (OOM) Denial of Service (DoS) issue exists due to unbounded frame count processing in the VideoMediaIO.load_base64 function. When processing video/jpeg data URLs, the system splits the...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00543
Exploits: 1 | References: 8
OSV
added 2026/04/03 9:51 p.m. | 5 views

GHSA-PQ5C-RJHQ-QP7P vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

Summary: The VideoMediaIO.load_base64 method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes code path at line 47-48, is...

CVSS: 6.5 | AI score: 6 | EPSS: 0.0035
Exploits: 0 | References: 6
NCSC
added 2022/01/21 12:0 a.m. | 4 views

Fixed vulnerability in AIDE (Advanced Intrusion Detection Environment)

A vulnerability has been fixed in AIDE (Advanced Intrusion Detection Environment). Due to a flaw in the way base64 data is processed, a local malicious agent can cause a denial of service, or potentially execute arbitrary code under the rights of the application. -= SUSE =- SUSE has made...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00493
Exploits: 1
BDU FSTEC
added 2018/03/21 12:0 a.m. | 6 views

The vulnerability of the base64D function in the SMTP listener component of the Exim mail server allows an attacker to execute arbitrary code.

The vulnerability of the base64 component of the SMTP listener in the Exim mail server arises from buffer overflows during data processing, where the size of the buffer is not a multiple of 4 (4n + 3). Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code...

CVSS: 10 | AI score: 8.4 | EPSS: 0.82238
Exploits: 19 | References: 17 | Affected Software: 2