Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0189

NIXPKGS-2026-0189
published on
Permalink CVE-2026-22778
9.8 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 3 months ago by @jopejoe1 Activity log
  • Created suggestion 3 months, 1 week ago
  • @jopejoe1 accepted 3 months ago
  • @jopejoe1 published on GitHub 3 months ago
vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.

Affected products

vllm
  • ==>= 0.8.3, < 0.14.1

Matching in nixpkgs

pkgs.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

pkgs.pkgsRocm.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

Package maintainers

Upstream fix: https://github.com/vllm-project/vllm/releases/tag/v0.14.1
Upstream advisory: https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv

Unstable fix: https://github.com/NixOS/nixpkgs/pull/483505