Bug 2489786 (CVE-2026-12491) - CVE-2026-12491 vllm: vllm: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations
Keywords:
Status: NEW
Alias: CVE-2026-12491
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-06-17 09:14 UTC by OSIDB Bzimport
Modified: 2026-06-17 09:27 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-17 09:14:08 UTC
EXIF orientation not normalized: The image orientation processed by the model differs from how humans view it, introducing interpretation bias.

PNG tRNS not explicitly flattened before converting to RGB: After conversion, transparent or semi-transparent pixels are rendered unexpectedly, making otherwise subtle overlay elements visible and distorting the input content. (This attack is similar to AlphaDog: vLLM already handles RGBA correctly, but because a tRNS chunk can add transparency to an RGB image, the correct processing path is not taken.)

Pillow only loads the first frame when loading APNG or GIF files.

Root cause:
- Rotation: After opening an image, ImageOps.exif_transpose is not called to normalize EXIF orientation.
- Transparency: Only RGBA to RGB is flattened onto a background; PNGs that carry a tRNS chunk in P, L or RGB mode, and other non-RGBA modes, take the image.convert("RGB") path, which implicitly discards or remaps the transparency semantics.
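The following is an added example, not vLLM's code or the reporter's: a hypothetical Pillow loader that applies ImageOps.exif_transpose, flattens any transparency (RGBA/LA as well as P/L/RGB + tRNS) onto an opaque background, and reports the frame count so multi-frame APNG/GIF inputs can be detected. The white background and the constructed sample images are assumptions for the demonstration.

```python
import io
from PIL import Image, ImageOps

WHITE = (255, 255, 255)  # assumed flattening background; a real loader may pick another


def naive_load(data: bytes) -> Image.Image:
    """The pattern described in the report: open, then convert("RGB") directly."""
    return Image.open(io.BytesIO(data)).convert("RGB")


def normalized_load(data: bytes, background=WHITE):
    """Return (RGB image, frame count) with orientation and alpha normalized."""
    img = Image.open(io.BytesIO(data))
    n_frames = getattr(img, "n_frames", 1)  # >1: Pillow would decode only frame 0
    img = ImageOps.exif_transpose(img)      # bake EXIF Orientation into the pixels
    if img.mode in ("RGBA", "LA") or "transparency" in img.info:
        # convert("RGBA") honours the tRNS chunk for P/L/RGB, so the tRNS colour
        # becomes alpha 0 and is composited onto an opaque background instead of
        # leaking through as its raw RGB value.
        rgba = img.convert("RGBA")
        canvas = Image.new("RGBA", rgba.size, background + (255,))
        img = Image.alpha_composite(canvas, rgba)
    return img.convert("RGB"), n_frames


def make_rgb_png_with_trns() -> bytes:
    """Constructed sample: 2x2 RGB PNG whose tRNS chunk marks (10,20,30) as transparent."""
    img = Image.new("RGB", (2, 2), (10, 20, 30))
    img.putpixel((0, 0), (200, 0, 0))  # one opaque red pixel that must survive
    buf = io.BytesIO()
    img.save(buf, format="PNG", transparency=(10, 20, 30))
    return buf.getvalue()


def make_rotated_jpeg() -> bytes:
    """Constructed sample: 4x2 JPEG tagged EXIF Orientation=6 (viewer rotates it 90 degrees)."""
    img = Image.new("RGB", (4, 2), (0, 0, 0))
    exif = Image.Exif()
    exif[0x0112] = 6  # TIFF/EXIF Orientation tag
    buf = io.BytesIO()
    img.save(buf, format="JPEG", exif=exif)
    return buf.getvalue()
```

With the tRNS sample, naive_load keeps the hidden colour (10, 20, 30) while normalized_load yields the background; with the EXIF sample, naive_load reports 4x2 and normalized_load 2x4, the geometry a human viewer actually sees.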

