CVE-2025-23272

Summary

NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA CUDA ToolkitAll versions prior to CUDA Toolkit 12.9 Update 1affected
NVIDIAnvJPEGAll versions prior to nvJPEG 25.03affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References