Heap-Based Buffer Overflow in NVIDIA nvJPEG2000 Library
CVE-2024-0145

6.8MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvjpeg2000
Vendor: CVE Published:; 12 February 2025

Summary

The NVIDIA nvJPEG2000 library has a critical vulnerability that allows attackers to exploit a heap-based buffer overflow. By sending specially crafted JPEG2000 files, an attacker can achieve unauthorized code execution and potentially manipulate data within affected systems. This vulnerability poses a significant security risk, emphasizing the need for prompt patching and mitigative strategies to protect data integrity and system functionality.

Affected Version(s)

nvJPEG2000 Linux x86_64 0.8.0

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5596

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Dec 2, 2023