CVE-2025-23274

CWE-125Out-of-bounds Read5 documents5 sources
Severity
4.5MEDIUM
EPSS
0.0%
top 96.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia Nvidia Cuda ToolkitNvidia Nvjpeg
Timeline
PublishedSep 24

Description

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4

Affected Packages2 packages

CVEListV5nvidia/nvjpegAll versions prior to nvJPEG 13.0.0
CVEListV5nvidia/nvidia_cuda_toolkitAll versions prior to CUDA Toolkit 13.0

🔴Vulnerability Details

3
GHSA
GHSA-wgw9-m369-f899: NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image wi2025-09-24
OSV
CVE-2025-23274: NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image wi2025-09-24
CVEList
CVE-2025-23274: NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image wi2025-09-24

📋Vendor Advisories

1
Debian
CVE-2025-23274: nvidia-cuda-toolkit - NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause a...2025
CVE-2025-23274 (MEDIUM CVSS 4.5) | NVIDIA nvJPEG contains a vulnerabil | cvebase.io