Input Validation Flaw in NVIDIA nvJPEG2000 Library
CVE-2023-31028

2.8LOW

Key Information:

Vendor: Nvidia
Status: Nvjpeg2000 Library
Vendor: CVE Published:; 5 April 2024

Summary

The NVIDIA nvJPEG2000 Library for both Windows and Linux is exposed to an input validation vulnerability that allows attackers to craft specific input files. If successfully exploited, this flaw may result in a partial denial of service. Proper validation measures are essential to mitigate the risks associated with improperly handling input, emphasizing the need for robust security protocols in software development.

Affected Version(s)

nvJPEG2000 Library All versions prior to nvJPEG2000 v0.7.x

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5517

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2024