5 matches found
GHSA-4R2X-XPJR-7CVV vLLM has RCE In Video Processing
Summary A chain of vulnerabilities in vLLM allow Remote Code Execution RCE: 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...
CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`
vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...
Linux Distros Unpatched Vulnerability : CVE-2018-10873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A...
PT-2024-35954 · Rpgp · Rpgp
Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1 Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...
Red Hat SPICE Denial of Service Vulnerability
Red Hat SPICE is an adaptive telepresence open-source protocol used by Red Hat's Enterprise Virtualized Desktop Edition to connect users to their virtual desktops, providing the exact same end-user experience as a physical desktop. A denial-of-service vulnerability exists in Red Hat SPICE version...