Bug 2436113 (CVE-2026-22778)

Summary:	CVE-2026-22778 vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	urgent	Docs Contact:
Priority:	urgent
Version:	unspecified	CC:	alinfoot, bbrownin, dtrifiro, jkoehler, lphiri, rbryant, weaton
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	---
Doc Text:	A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution.	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-02-03 00:02:07 UTC

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.