Skip to content

GitLab

"...git@developer.sourcefind.cn:2222/OpenDAS/vllm_cscc.git" did not exist on "8aa1485fcff7be3e42300c0615ee0f3f3cbce9a8"
Unverified Commit b6824ae0 authored by dagil-nvidia's avatar dagil-nvidia Committed by GitHub
Browse files

fix: restrict Image.open() formats to prevent PSD parsing (workaround) (#6212) 


Signed-off-by: default avatarDan Gil <dagil@nvidia.com>
Co-authored-by: default avatarCursor <cursoragent@cursor.com>
parent 2c6e6d22
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 3 deletions
components/src/dynamo/sglang/multimodal_utils/multimodal_image_loader.py
View file @ b6824ae0
...@@ -91,7 +91,10 @@ class ImageLoader: ...@@ -91,7 +91,10 @@ class ImageLoader:
raise ValueError(f"Invalid image source scheme: {parsed_url.scheme}") raise ValueError(f"Invalid image source scheme: {parsed_url.scheme}")
# PIL is sync, so offload to a thread to avoid blocking the event loop # PIL is sync, so offload to a thread to avoid blocking the event loop
image = await asyncio.to_thread(Image.open, image_data) # Restrict to supported formats to prevent PSD parsing (GHSA-cfh3-3jmp-rvhc)
image = await asyncio.to_thread(
Image.open, image_data, formats=["JPEG", "PNG", "WEBP"]
)
# Validate image format and convert to RGB # Validate image format and convert to RGB
if image.format not in ("JPEG", "PNG", "WEBP"): if image.format not in ("JPEG", "PNG", "WEBP"):
......
components/src/dynamo/vllm/multimodal_utils/image_loader.py
View file @ b6824ae0
...@@ -78,7 +78,10 @@ class ImageLoader: ...@@ -78,7 +78,10 @@ class ImageLoader:
raise ValueError(f"Invalid image source scheme: {parsed_url.scheme}") raise ValueError(f"Invalid image source scheme: {parsed_url.scheme}")
# PIL is sync, so offload to a thread to avoid blocking the event loop # PIL is sync, so offload to a thread to avoid blocking the event loop
image = await asyncio.to_thread(Image.open, image_data) # Restrict to supported formats to prevent PSD parsing (GHSA-cfh3-3jmp-rvhc)
image = await asyncio.to_thread(
Image.open, image_data, formats=["JPEG", "PNG", "WEBP"]
)
# Validate image format and convert to RGB # Validate image format and convert to RGB
if image.format not in ("JPEG", "PNG", "WEBP"): if image.format not in ("JPEG", "PNG", "WEBP"):
......
examples/multimodal/utils/image_loader.py
View file @ b6824ae0
...@@ -78,7 +78,10 @@ class ImageLoader: ...@@ -78,7 +78,10 @@ class ImageLoader:
raise ValueError(f"Invalid image source scheme: {parsed_url.scheme}") raise ValueError(f"Invalid image source scheme: {parsed_url.scheme}")
# PIL is sync, so offload to a thread to avoid blocking the event loop # PIL is sync, so offload to a thread to avoid blocking the event loop
image = await asyncio.to_thread(Image.open, image_data) # Restrict to supported formats to prevent PSD parsing (GHSA-cfh3-3jmp-rvhc)
image = await asyncio.to_thread(
Image.open, image_data, formats=["JPEG", "PNG", "WEBP"]
)
# Validate image format and convert to RGB # Validate image format and convert to RGB
if image.format not in ("JPEG", "PNG", "WEBP"): if image.format not in ("JPEG", "PNG", "WEBP"):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment