{"data":{"id":"5a27ee9e-cb86-4dc9-a013-fc8e66b2b0c1","title":"GHSA-8jr5-v98p-w75m: vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations","summary":"vLLM, an AI framework for running large language models, has three image processing bugs that cause mismatches between what the model sees and what users expect. First, EXIF orientation data (metadata that tells how an image should be rotated) is ignored, so rotated images are processed in the wrong orientation. Second, PNG images with transparency information (the tRNS chunk, which marks certain pixels as see-through) aren't properly flattened to solid colors before processing, causing transparent pixels to become visible or distorted. Third, for animated PNG and GIF files, only the first frame is processed. Because the model's input can differ from the image a user expects it to see, these issues could alter how the model interprets image content.","solution":"A fix was merged in vLLM pull request #44974 (https://github.com/vllm-project/vllm/pull/44974). The source text does not provide specific details about what changes were made in that fix, and this record does not name a fixed release; the affected range listed here is vllm >= 0.11.0, <= 0.23.0, so confirm that a deployed version actually includes the merged change.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-8jr5-v98p-w75m","publishedAt":"2026-06-17T14:02:42.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["model_evasion"],"issueType":"vulnerability","affectedPackages":["vllm@>= 0.11.0, <= 0.23.0"],"affectedVendors":[],"affectedVendorsRaw":["vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-17T14:02:42.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}