SecBoard
Zurück zur CVE-Übersicht

CVE-2026-12491

MEDIUM(4.8)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Risk Signal Score12/100 — NIEDRIG
  • CVSS 4.8 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.8

Technische Schwere

Beschreibung

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.

GitHub Advisories

GHSA-8jr5-v98p-w75mMEDIUM

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

pip/vllm
GitHub Advisory

Referenzen