Out-of-Bounds Write Vulnerability in NVIDIA nvJPEG2000 Library
CVE-2024-0143

6.8MEDIUM

Key Information:

Vendor
Nvidia
Vendor
CVE Published:
12 February 2025

What is CVE-2024-0143?

CVE-2024-0143 is a notable vulnerability found in the NVIDIA nvJPEG2000 library, which is designed for processing JPEG2000 image formats. This vulnerability arises from an out-of-bounds write condition that can be exploited by attackers through the use of specially crafted JPEG2000 files. If successfully exploited, this vulnerability poses a serious threat as it can lead to unintended code execution and potential data manipulation, thereby compromising the integrity and security of affected systems.

Technical Details

The vulnerability within the NVIDIA nvJPEG2000 library is categorized as an out-of-bounds write issue. This occurs when an application writes data outside the bounds of allocated memory, which can result in unpredictable behavior, including crashes, data corruption, or unauthorized access to sensitive information. Attackers can trigger this flaw by supplying a malicious JPEG2000 file, which the library processes, prompting the out-of-bounds write behavior. Such technical misunderstandings in memory handling, if exploited, can lead to significant security breaches.

Potential Impact of CVE-2024-0143

  1. Remote Code Execution: One of the most severe impacts of this vulnerability is the potential for remote code execution. Attackers may gain the ability to execute arbitrary code on affected systems, compromising the system's integrity.

  2. Data Tampering: Successful exploitation can lead to data tampering, where attackers alter, corrupt, or manipulate data. This can disrupt business operations, lead to misinformation, and compromise sensitive information.

  3. System Compromise: The ability to execute arbitrary code and manipulate data opens doorways for complete system compromise, potentially allowing attackers to install malware, establish backdoors, or exfiltrate sensitive data, further endangering organizational security.

Affected Version(s)

nvJPEG2000 Linux x86_64 0.8.0

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.