A two-stage exploit chain in vLLM's multimodal video processing bypasses ASLR through PIL exception leakage, then achieves heap overflow via a malicious JPEG2000 file, giving unauthenticated attackers code execution on inference servers.
A two-stage exploit chain in vLLM's multimodal video processing bypasses ASLR through PIL exception leakage, then achieves heap overflow via a malicious JPEG2000 file, giving unauthenticated attackers code execution on inference servers.
NeuralTrust researchers published details of a new image generation jailbreak called Semantic Chaining that breaks safety filters in Grok 4, Gemini Nano, and other multimodal models by exploiting how each editing step is evaluated in isolation.
Safety-aligned multimodal LLMs can be reliably jailbroken by encoding adversarial instructions as text within images, bypassing text-layer safety filters entirely.
Vision-language models are highly susceptible to adversarial image perturbations, with attacks transferring across models (GPT-4V, Gemini Pro, LLaVA) at 43-74% success rates.