Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models
Vulnerability Description
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results in inconsistency between audio heard by humans (e.g., through headphones/regular speakers) and audio processed by AI models (Which infra via Librosa, such as vllm, transformer). This issue has been patched in version 0.18.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
vLLM 输入验证错误漏洞
Vulnerability Description
vLLM是vLLM开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM 0.5.5至0.18.0之前版本存在输入验证错误漏洞,该漏洞源于音频单声道下混算法与国际标准不一致,可能导致AI模型处理的音频与人类听到的音频存在差异。
CVSS Information
N/A
Vulnerability Type
N/A