Oxcabe

**Name of the Vulnerable Software and Affected Versions** vLLM versions 0.6.4 through 0.11.9 **Description** vLLM is an inference and serving engine for large language models (LLMs). Users can cause the vLLM engine to crash when serving multimodal models that utilize the Idefics3 vision model implementation. This is achieved by submitting a specifically designed 1x1 pixel image. The crafted image triggers a tensor dimension mismatch, resulting in an unhandled runtime error and complete server termination. **Recommendations** Update to version 0.12.0 or later.