vLLM
cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*
- >= 0.7.0, < 0.19.0
A denial-of-service vulnerability has been identified in vLLM versions 0.7.0 prior to 0.19.0. The issue arises in the VideoMediaIO.load_base64() method, which processes 'video/jpeg' data URLs by splitting them into individual base64-encoded JPEG frames. This method imposes no limit on the number of frames, so an attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames. The unbounded frame count does not affect the load_bytes() method, which enforces a default limit of 32 frames. A request carrying enough frames causes the server to decode all of them into memory, leading to an out-of-memory crash.
Exploitation of this vulnerability causes the server to run out of memory and crash.
To reproduce this vulnerability, send a POST request to the '/v1/chat/completions' endpoint with the 'video/jpeg' data URL type. Include thousands of comma-separated base64-encoded JPEG frames in the request. The server will decode all frames into memory, causing it to run out of resources and crash.
Users can upgrade to vLLM version 0.19.0 or later to address this vulnerability.
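As an added illustration (not vLLM's code), the following Python contrasts the two patterns the advisory describes: splitting a 'video/jpeg' data URL into frames with no cap, and the hardened variant that counts frames on the raw string and rejects the request before decoding anything, using the 32-frame default the advisory attributes to load_bytes(). The function names, the data-URL prefix handling and the stand-in JPEG bytes are assumptions.

```python
import base64

# Constructed stand-in for one JPEG frame: SOI marker, padding, EOI marker.
# It is not a decodable image; it only needs to count as one frame here.
FAKE_JPEG = b"\xff\xd8" + b"\x00" * 8 + b"\xff\xd9"
DATA_URL_PREFIX = "data:video/jpeg;base64,"  # assumed prefix layout
DEFAULT_MAX_FRAMES = 32  # the default cap the advisory attributes to load_bytes()


class FrameLimitExceeded(ValueError):
    """Raised before any frame is decoded when a request carries too many."""


def strip_prefix(data_url: str) -> str:
    """Return the comma-separated base64 payload that follows the data URL prefix."""
    if not data_url.startswith(DATA_URL_PREFIX):
        raise ValueError("not a video/jpeg base64 data URL")
    return data_url[len(DATA_URL_PREFIX):]


def split_frames_unbounded(data_url: str) -> list[bytes]:
    """Vulnerable pattern (hypothetical reconstruction, not vLLM's code):
    every comma-separated chunk is decoded, however many the client sent."""
    return [base64.b64decode(chunk) for chunk in strip_prefix(data_url).split(",")]


def split_frames_bounded(data_url: str, max_frames: int = DEFAULT_MAX_FRAMES) -> list[bytes]:
    """Hardened pattern: count separators on the raw string and reject the
    request before a single frame is decoded into memory."""
    payload = strip_prefix(data_url)
    n_frames = payload.count(",") + 1
    if n_frames > max_frames:
        raise FrameLimitExceeded(f"{n_frames} frames exceeds limit of {max_frames}")
    return [base64.b64decode(chunk) for chunk in payload.split(",")]


def make_data_url(n_frames: int) -> str:
    """Constructed test input: a data URL carrying n copies of FAKE_JPEG."""
    frame = base64.b64encode(FAKE_JPEG).decode("ascii")
    return DATA_URL_PREFIX + ",".join([frame] * n_frames)


if __name__ == "__main__":
    print(len(split_frames_bounded(make_data_url(4))))  # 4
    many = make_data_url(5000)
    print(len(split_frames_unbounded(many)))  # 5000, every frame decoded
    try:
        split_frames_bounded(many)
    except FrameLimitExceeded as err:
        print("rejected:", err)
```

The bounded variant checks the count on the still-encoded string, so the cost of rejecting an oversized request is bounded by the request body size rather than by the decoded frames.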