Impact
The vulnerability stems from the VideoMediaIO.load_base64() method, which splits a video/jpeg data URL on commas to extract JPEG frames without imposing a limit on the number of frames. An attacker can craft a data URL containing thousands of comma‑separated base64‑encoded JPEG frames in a single API request. The method decodes every frame into memory before processing, leading the server to consume excessive memory and ultimately crash. The impact is an Out‑of‑Memory Denial of Service that affects the availability of the affected service and does not compromise confidentiality or integrity.
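As an added illustration (constructed here, not vLLM's own code), the loader below reproduces the unbounded comma-split pattern described above beside a hardened variant that counts frames on the encoded text and rejects the request before decoding anything; the `data:video/jpeg;base64,` prefix, the `MAX_FRAMES` value and the function names are assumptions.

```python
import base64
import binascii

# Constructed illustration, not vLLM's VideoMediaIO.load_base64(): shows the
# unbounded comma-split decode next to a bounded one with a frame cap.
PREFIX = "data:video/jpeg;base64,"   # assumed data-URL shape
MAX_FRAMES = 32                      # assumed cap; make it configurable in practice


def _strip_prefix(data_url: str) -> str:
    if not data_url.startswith(PREFIX):
        raise ValueError("expected a video/jpeg base64 data URL")
    return data_url[len(PREFIX):]


def load_frames_unbounded(data_url: str) -> list[bytes]:
    """Decode every comma-separated frame with no limit: memory use grows
    with however many frames the client chooses to send."""
    payload = _strip_prefix(data_url)
    return [base64.b64decode(p, validate=True) for p in payload.split(",")]


def load_frames_bounded(data_url: str, max_frames: int = MAX_FRAMES) -> list[bytes]:
    """Hardened variant: count separators on the still-encoded text (O(n),
    no frame buffers allocated) and reject oversized payloads up front."""
    payload = _strip_prefix(data_url)
    n_frames = payload.count(",") + 1
    if n_frames > max_frames:
        raise ValueError(f"too many frames: {n_frames} > {max_frames}")
    frames = []
    for part in payload.split(","):
        try:
            frames.append(base64.b64decode(part, validate=True))
        except binascii.Error as exc:
            raise ValueError("malformed base64 frame") from exc
    return frames


def accepted_by_bounded_loader(data_url: str, max_frames: int = MAX_FRAMES) -> bool:
    """True if the hardened loader accepts the payload, False if it rejects it."""
    try:
        load_frames_bounded(data_url, max_frames)
        return True
    except ValueError:
        return False


def build_data_url(n_frames: int) -> str:
    """Constructed test input: n_frames copies of a minimal JPEG-like frame
    (SOI and EOI markers only), joined by commas behind the data-URL prefix."""
    frame = base64.b64encode(b"\xff\xd8\xff\xd9").decode()
    return PREFIX + ",".join([frame] * n_frames)
```

The same separator-count check can be applied to any other multi-part media payload the endpoint accepts, and the cap should be paired with an overall request-size limit at the API layer.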
Affected Systems
The affected product is vLLM, produced by vllm-project. Versions 0.8.0 and later are vulnerable. The vulnerability is exercised through the OpenAI‑compatible chat completions API exposed by the system.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. The EPSS score of less than 1% indicates a currently low probability of exploitation, though it remains possible. The vulnerability is not listed in CISA's KEV catalog. It is reachable through the public Chat Completions endpoint without authentication, meaning an unauthenticated external attacker can trigger the denial of service by sending a single crafted request containing an unbounded number of frames.
OpenCVE Enrichment