Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Published

Filter by:

With package: pkgsRocm.vllm

Found 1 matching suggestions

Permalink CVE-2026-22778

updated 2 days, 22 hours ago by @jopejoe1 Activity log

Created automatic suggestion 1 week, 2 days ago
@jopejoe1 accepted 3 days, 3 hours ago
@jopejoe1 published on GitHub 2 days, 22 hours ago

vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.

Affected products

vllm

==>= 0.8.3, < 0.14.1

Matching in nixpkgs

pkgs.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.11.2
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0
nixos-25.11 -
- nixos-25.11-small 0.11.2
- nixpkgs-25.11-darwin 0.11.2
nixos-25.05 0.8.3
- nixos-25.05-small 0.8.3
- nixpkgs-25.05-darwin 0.8.3

pkgs.pkgsRocm.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.11.2
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0
nixos-25.11 -
- nixos-25.11-small 0.11.2
- nixpkgs-25.11-darwin 0.11.2

pkgs.python312Packages.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.11.2
nixos-25.11 -
- nixos-25.11-small 0.11.2
- nixpkgs-25.11-darwin 0.11.2
nixos-25.05 0.8.3
- nixos-25.05-small 0.8.3
- nixpkgs-25.05-darwin 0.8.3

pkgs.python313Packages.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.11.2
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0
nixos-25.11 -
- nixos-25.11-small 0.11.2
- nixpkgs-25.11-darwin 0.11.2
nixos-25.05 0.8.3
- nixos-25.05-small 0.8.3
- nixpkgs-25.05-darwin 0.8.3

pkgs.pkgsRocm.python3Packages.vllm

High-throughput and memory-efficient inference and serving engine for LLMs

nixos-unstable 0.11.2
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0
nixos-25.11 -
- nixos-25.11-small 0.11.2
- nixpkgs-25.11-darwin 0.11.2

Package maintainers

@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@happysalada Raphael Megzari <raphael@megzari.com>
@daniel-fahey Daniel Fahey <daniel.fahey+nixpkgs@pm.me>

Upstream fix: https://github.com/vllm-project/vllm/releases/tag/v0.14.1
Upstream advisory: https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv

Unstable fix: https://github.com/NixOS/nixpkgs/pull/483505

1