CVE-2025-23272
Public on 2025-09-24
Modified on 2025-09-30
Description
NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | cuda | 2025-10-14 | ALAS2023NVIDIA-2025-237 | Fixed |
| Amazon Linux 2023 | cuda-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-238 | Fixed |
| Amazon Linux 2023 | cuda-command-line-tools-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-236 | Fixed |
| Amazon Linux 2023 | cuda-compiler-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-235 | Fixed |
| Amazon Linux 2023 | cuda-cudart-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-233 | Fixed |
| Amazon Linux 2023 | cuda-cuobjdump-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-232 | Fixed |
| Amazon Linux 2023 | cuda-cupti-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-231 | Fixed |
| Amazon Linux 2023 | cuda-cuxxfilt-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-230 | Fixed |
| Amazon Linux 2023 | cuda-demo-suite-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-229 | Fixed |
| Amazon Linux 2023 | cuda-documentation-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-228 | Fixed |
| Amazon Linux 2023 | cuda-gdb-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-227 | Fixed |
| Amazon Linux 2023 | cuda-libraries-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-226 | Fixed |
| Amazon Linux 2023 | cuda-libraries-devel-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-225 | Fixed |
| Amazon Linux 2023 | cuda-minimal-build-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-224 | Fixed |
| Amazon Linux 2023 | cuda-nsight-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-223 | Fixed |
| Amazon Linux 2023 | cuda-nsight-compute-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-222 | Fixed |
| Amazon Linux 2023 | cuda-nsight-systems-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-221 | Fixed |
| Amazon Linux 2023 | cuda-nvcc-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-234 | Fixed |
| Amazon Linux 2023 | cuda-nvdisasm-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-220 | Fixed |
| Amazon Linux 2023 | cuda-nvml-devel-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-219 | Fixed |
| Amazon Linux 2023 | cuda-nvprof-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-218 | Fixed |
| Amazon Linux 2023 | cuda-nvprune-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-217 | Fixed |
| Amazon Linux 2023 | cuda-nvrtc-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-216 | Fixed |
| Amazon Linux 2023 | cuda-nvtx-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-215 | Fixed |
| Amazon Linux 2023 | cuda-nvvp-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-214 | Fixed |
| Amazon Linux 2023 | cuda-profiler-api-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-213 | Fixed |
| Amazon Linux 2023 | cuda-runtime-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-212 | Fixed |
| Amazon Linux 2023 | cuda-sanitizer-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-211 | Fixed |
| Amazon Linux 2023 | cuda-toolkit | 2025-10-14 | ALAS2023NVIDIA-2025-208 | Fixed |
| Amazon Linux 2023 | cuda-toolkit-12 | 2025-10-14 | ALAS2023NVIDIA-2025-210 | Fixed |
| Amazon Linux 2023 | cuda-toolkit-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-209 | Fixed |
| Amazon Linux 2023 | cuda-tools-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-207 | Fixed |
| Amazon Linux 2023 | cuda-visual-tools-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-206 | Fixed |
| Amazon Linux 2023 | libcublas-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-204 | Fixed |
| Amazon Linux 2023 | libcufft-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-203 | Fixed |
| Amazon Linux 2023 | libcufile-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-205 | Fixed |
| Amazon Linux 2023 | libcusolver-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-202 | Fixed |
| Amazon Linux 2023 | libcusparse-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-201 | Fixed |
| Amazon Linux 2023 | libnpp-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-200 | Fixed |
| Amazon Linux 2023 | libnvfatbin-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-199 | Fixed |
| Amazon Linux 2023 | libnvjitlink-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-198 | Fixed |
| Amazon Linux 2023 | libnvjpeg-12-5 | Pending Fix | ||
| Amazon Linux 2023 | libnvjpeg-12-6 | Pending Fix | ||
| Amazon Linux 2023 | libnvjpeg-12-8 | Pending Fix | ||
| Amazon Linux 2023 | libnvjpeg-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-197 | Fixed |
| Amazon Linux 2023 | libnvjpeg-13-0 | Not Affected | ||
| Amazon Linux 2023 | nvidia-gds | 2025-10-14 | ALAS2023NVIDIA-2025-195 | Fixed |
| Amazon Linux 2023 | nvidia-gds-12-9 | 2025-10-14 | ALAS2023NVIDIA-2025-196 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H |