CVE-2025-23275
published 2025-09-24CVE-2025-23275: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nvidia-cuda-toolkit | — | — |
| nvidia | cuda_toolkit | < 13.0.0 | 13.0.0 |
| nvidia | nvidia_cuda_toolkit | — | — |
| nvidia | nvjpeg | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH