CVE-2025-23272

CWE-125Out-of-bounds Read5 documents5 sources
Severity
5.7MEDIUM
EPSS
0.0%
top 96.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Nvidia Cuda ToolkitNvidia Nvjpeg
Timeline
PublishedSep 24

Description

NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 1.4 | Impact: 4.2

Affected Packages2 packages

CVEListV5nvidia/nvjpegAll versions prior to nvJPEG 25.03
CVEListV5nvidia/nvidia_cuda_toolkitAll versions prior to CUDA Toolkit 12.9 Update 1

🔴Vulnerability Details

3
OSV
CVE-2025-23272: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file2025-09-24
GHSA
GHSA-x8j2-6cf3-rj3q: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file2025-09-24
CVEList
CVE-2025-23272: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file2025-09-24

📋Vendor Advisories

1
Debian
CVE-2025-23272: nvidia-cuda-toolkit - NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an ou...2025
CVE-2025-23272 (MEDIUM CVSS 5.7) | NVIDIA nvJPEG library contains a vu | cvebase.io