CVE-2025-23274

Summary

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA CUDA ToolkitAll versions prior to CUDA Toolkit 13.0affected
NVIDIAnvJPEGAll versions prior to nvJPEG 13.0.0affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References