Lucene search
+L

244 matches found

vulnrichment
vulnrichment
added 2026/02/02 9:9 p.m.6 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS6AI score0.03816EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/02/02 9:9 p.m.7 views

CVE-2026-22778

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS6AI score0.03816EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/02/02 9:9 p.m.55 views

CVE-2026-22778

Summary of CVE-2026-22778 : A vulnerability in vLLM (0.8.3–0.14.0) lets an attacker send an invalid image to the multimodal endpoint, causing PIL to leak a heap address. This information disclosure can be chained with a heap overflow in the JPEG2000 decoder used by OpenCV/FFmpeg to achieve remote...

9.8CVSS6AI score0.03816EPSS
Exploits0References15Affected Software1
cvelist
cvelist
added 2026/02/02 9:9 p.m.43 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS0.03816EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/02/02 12:0 a.m.6 views

PT-2026-5710

Name of the Vulnerable Software and Affected Versions vLLM versions 0.8.3 through 0.14.0 Description vLLM is an inference and serving engine for large language models LLMs. A chain of issues allows for remote code execution RCE when a video model is enabled. First, sending an invalid image to the...

9.8CVSS7.6AI score0.03816EPSS
Exploits0References42
euvd
euvd
added 2026/01/28 4:14 p.m.7 views

EUVD-2026-4711

vLLM vulnerable to Server-Side Request Forgery SSRF through MediaConnector...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/01/27 9:20 p.m.8 views

CVE-2026-22773

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a...

7.5CVSS5.8AI score0.00403EPSS
Exploits1References4
packetstormnews
packetstormnews
added 2026/01/24 12:0 a.m.5 views

FOCA: Multimodal Malware Classification Via Hyperbolic Cross-Attention

In this work, we introduce FOCA, a novel multimodal framework for malware classification that jointly leverages audio and visual modalities. Unlike conventional Euclidean-based fusion methods, FOCA is the first to exploit the intrinsic hierarchical relationships between audio and visual...

5.9AI score
Exploits0
euvd
euvd
added 2026/01/13 6:44 p.m.7 views

EUVD-2026-1865

vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions...

6.5CVSS6.4AI score0.00403EPSS
Exploits1References4
packetstormnews
packetstormnews
added 2026/01/13 12:0 a.m.6 views

Integrating APK Image and Text Data for Enhanced Threat Detection: A Multimodal Deep Learning Approach to Android Malware

As zero-day Android malware attacks grow more sophisticated, recent research highlights the effectiveness of using image-based representations of malware bytecode to detect previously unseen threats. However, existing studies often overlook how image type and resolution affect detection and ignor...

6.8AI score
Exploits0
snyk
snyk
added 2026/01/12 11:55 p.m.4 views

Use of NullPointerException Catch to Detect NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to Use of NullPointerException Catch to Detect NULL Pointer Dereference in the MultimodalTokenize function that improperly processes NULL from mtmdhelperbitmapinitfrombuf function of vendored llama.cpp. An attacker can cause the applicatio...

8.7CVSS5.8AI score0.00698EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/01/12 12:0 a.m.7 views

Ollama 安全漏洞

Ollama is an Ollama open source large-scale language model that can be started and run locally. A security vulnerability exists in Ollama versions 0.11.5-rc0 through 0.13.5, which stems from the presence of a null pointer dereference in the image processing function of the multimodal model, which...

8.7CVSS5.8AI score0.00698EPSS
Exploits1References4
pypa
pypa
added 2026/01/10 7:16 a.m.12 views

PYSEC-2026-143

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

7.5CVSS6.3AI score0.00403EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2026/01/10 7:16 a.m.8 views

CVE-2026-22773

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

7.5CVSS0.00403EPSS
Exploits1References1
osv
osv
added 2026/01/10 7:16 a.m.9 views

PYSEC-2026-143

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

7.5CVSS7.2AI score0.00403EPSS
Exploits1References1
cvelist
cvelist
added 2026/01/10 6:39 a.m.29 views

CVE-2026-22773 vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

6.5CVSS0.00403EPSS
Exploits1References1
osv
osv
added 2026/01/10 6:39 a.m.7 views

CVE-2026-22773 vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

6.5CVSS6.7AI score0.00403EPSS
Exploits1References3
cve
cve
added 2026/01/10 6:39 a.m.27 views

CVE-2026-22773

CVE-2026-22773 affects vLLM (inference/serving engine) versions 0.6.4 through before 0.12.0 that serve multimodal models using the Idefics3 vision model. A crafted 1x1 pixel image triggers a tensor dimension mismatch in the image input processing, causing an unhandled runtime error and enabling a...

7.5CVSS6.4AI score0.00403EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/01/10 12:0 a.m.8 views

PT-2026-2260

Name of the Vulnerable Software and Affected Versions vLLM versions 0.6.4 through 0.11.9 Description vLLM is an inference and serving engine for large language models LLMs. Users can cause the vLLM engine to crash when serving multimodal models that utilize the Idefics3 vision model implementatio...

6.5CVSS6.6AI score0.00403EPSS
Exploits1References5
packetstormnews
packetstormnews
added 2026/01/08 12:0 a.m.5 views

Multi-Turn Jailbreaking Attack in Multi-Modal Large Language Models

In recent years, the security vulnerabilities of Multi-modal Large Language Models MLLMs have become a serious concern in the Generative Artificial Intelligence GenAI research. These highly intelligent models, capable of performing multi-modal tasks with high accuracy, are also severely susceptib...

7.2AI score
Exploits0
Rows per page
Query Builder