CVE-2025-23272

Description

NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Affected products

NVIDIA / NVIDIA CUDA ToolkitAll versions prior to CUDA Toolkit 12.9 Update 1 – All versions prior to CUDA Toolkit 12.9 Update 1
NVIDIA / nvJPEGAll versions prior to nvJPEG 25.03 – All versions prior to nvJPEG 25.03

References

CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-23272
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-23272
MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5661