CVE-2025-23273

Description

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of service.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

NVIDIA / NVIDIA CUDA ToolkitAll versions prior to CUDA Toolkit 13.0 – All versions prior to CUDA Toolkit 13.0
NVIDIA / nvJPEGAll versions prior to nvJPEG 13.0.0 – All versions prior to nvJPEG 13.0.0

References

CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-23273
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-23273
MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5661