NVIDIA nvJPEG Library Vulnerability Exposes JPEG Processing Risks
CVE-2025-23272

5.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvidia Cuda Toolkit; Nvjpeg
Vendor: CVE Published:; 24 September 2025

What is CVE-2025-23272?

The NVIDIA nvJPEG library has a vulnerability allowing attackers to exploit out-of-bounds read conditions through specially crafted JPEG files. This issue can lead to potential information disclosure or cause denial of service, compromising the integrity of applications utilizing the library for image processing. Proper precautions and updates are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

NVIDIA CUDA Toolkit Windows All versions prior to CUDA Toolkit 12.9 Update 1

nvJPEG Linux x86_64 All versions prior to nvJPEG 25.03

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23272

https://www.cve.org/CVERecord?id=CVE-2025-23272

https://nvidia.custhelp.com/app/answers/detail/a_id/5661

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia

What is CVE-2025-23272?

Affected Version(s)

References

CVSS V3.1

Timeline