CVE-2025-23274
published 2025-09-24CVE-2025-23274: NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with…
medium4.5CVSS 3.1
AVLACHPRLUINSUCLILAL
NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nvidia-cuda-toolkit | — | — |
| nvidia | nvidia_cuda_toolkit | — | — |
| nvidia | nvjpeg | — | — |
CVSS provenance
nvdv3.14.5MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
osv4.5MEDIUM