CVE-2024-0145: CWE-122 Heap-based Buffer Overflow in NVIDIA nvJPEG2000
CVE-2024-0145 is a heap-based buffer overflow vulnerability in NVIDIA's nvJPEG2000 library version 0. 8. 0. It can be triggered by processing a specially crafted JPEG2000 file, potentially allowing an attacker to execute arbitrary code and tamper with data. Exploitation requires no privileges but does need user interaction to process the malicious file. The vulnerability impacts confidentiality indirectly but primarily threatens integrity and availability. The CVSS score is 6. 8 (medium severity) due to the complexity of exploitation and required user interaction. No known exploits are currently reported in the wild. Organizations using NVIDIA's nvJPEG2000 for image processing should prioritize patching once available and implement strict file validation and sandboxing to mitigate risks.
AI Analysis
Technical Summary
CVE-2024-0145 is a heap-based buffer overflow vulnerability identified in NVIDIA's nvJPEG2000 library version 0.8.0, which is used for decoding JPEG2000 image files. The vulnerability arises when the library processes a specially crafted JPEG2000 file that triggers a buffer overflow on the heap, a memory region used for dynamic allocation. This overflow can corrupt adjacent memory, potentially enabling an attacker to execute arbitrary code or manipulate data within the affected process. The flaw is classified under CWE-122, indicating improper memory handling leading to buffer overflow. Exploitation requires no privileges but does require user interaction, such as opening or processing a malicious JPEG2000 image. The CVSS v3.1 base score is 6.8, reflecting a medium severity level due to the network attack vector, high complexity, no privileges required, but user interaction needed. The vulnerability affects version 0.8.0 of the nvJPEG2000 library, and no patches or known exploits are currently reported. Successful exploitation could allow attackers to compromise the integrity and availability of systems that utilize this library for image decoding, potentially leading to code execution within the context of the vulnerable application.
Potential Impact
The primary impact of CVE-2024-0145 is on the integrity and availability of systems using the vulnerable nvJPEG2000 library. An attacker could execute arbitrary code, leading to unauthorized data manipulation or service disruption. This could affect applications that process JPEG2000 images, including image viewers, editing software, or any system component relying on NVIDIA's nvJPEG2000 for image decoding. Although confidentiality impact is rated as none, the ability to execute code and tamper with data can lead to broader compromise, including lateral movement or persistence within affected environments. Organizations in sectors such as media, defense, scientific research, and any industry relying on NVIDIA GPU-accelerated image processing are at risk. The requirement for user interaction limits mass exploitation but targeted attacks remain a concern. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate future threat potential.
Mitigation Recommendations
1. Monitor NVIDIA's official channels for patches or updates addressing CVE-2024-0145 and apply them promptly once available. 2. Implement strict input validation and sanitization for JPEG2000 files before processing, including using file integrity checks or whitelisting trusted sources. 3. Employ sandboxing or containerization techniques to isolate the nvJPEG2000 processing environment, limiting the impact of potential exploitation. 4. Restrict user ability to open untrusted JPEG2000 files, especially in high-risk environments. 5. Use application-level controls to detect anomalous behavior during image processing, such as unexpected memory usage or crashes. 6. Conduct regular security assessments and fuzz testing on image processing components to identify similar vulnerabilities proactively. 7. Educate users about the risks of opening files from untrusted sources to reduce the likelihood of successful exploitation.
Affected Countries
United States, China, Germany, Japan, South Korea, France, United Kingdom, Canada, India, Russia
CVE-2024-0145: CWE-122 Heap-based Buffer Overflow in NVIDIA nvJPEG2000
Description
CVE-2024-0145 is a heap-based buffer overflow vulnerability in NVIDIA's nvJPEG2000 library version 0. 8. 0. It can be triggered by processing a specially crafted JPEG2000 file, potentially allowing an attacker to execute arbitrary code and tamper with data. Exploitation requires no privileges but does need user interaction to process the malicious file. The vulnerability impacts confidentiality indirectly but primarily threatens integrity and availability. The CVSS score is 6. 8 (medium severity) due to the complexity of exploitation and required user interaction. No known exploits are currently reported in the wild. Organizations using NVIDIA's nvJPEG2000 for image processing should prioritize patching once available and implement strict file validation and sandboxing to mitigate risks.
AI-Powered Analysis
Technical Analysis
CVE-2024-0145 is a heap-based buffer overflow vulnerability identified in NVIDIA's nvJPEG2000 library version 0.8.0, which is used for decoding JPEG2000 image files. The vulnerability arises when the library processes a specially crafted JPEG2000 file that triggers a buffer overflow on the heap, a memory region used for dynamic allocation. This overflow can corrupt adjacent memory, potentially enabling an attacker to execute arbitrary code or manipulate data within the affected process. The flaw is classified under CWE-122, indicating improper memory handling leading to buffer overflow. Exploitation requires no privileges but does require user interaction, such as opening or processing a malicious JPEG2000 image. The CVSS v3.1 base score is 6.8, reflecting a medium severity level due to the network attack vector, high complexity, no privileges required, but user interaction needed. The vulnerability affects version 0.8.0 of the nvJPEG2000 library, and no patches or known exploits are currently reported. Successful exploitation could allow attackers to compromise the integrity and availability of systems that utilize this library for image decoding, potentially leading to code execution within the context of the vulnerable application.
Potential Impact
The primary impact of CVE-2024-0145 is on the integrity and availability of systems using the vulnerable nvJPEG2000 library. An attacker could execute arbitrary code, leading to unauthorized data manipulation or service disruption. This could affect applications that process JPEG2000 images, including image viewers, editing software, or any system component relying on NVIDIA's nvJPEG2000 for image decoding. Although confidentiality impact is rated as none, the ability to execute code and tamper with data can lead to broader compromise, including lateral movement or persistence within affected environments. Organizations in sectors such as media, defense, scientific research, and any industry relying on NVIDIA GPU-accelerated image processing are at risk. The requirement for user interaction limits mass exploitation but targeted attacks remain a concern. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate future threat potential.
Mitigation Recommendations
1. Monitor NVIDIA's official channels for patches or updates addressing CVE-2024-0145 and apply them promptly once available. 2. Implement strict input validation and sanitization for JPEG2000 files before processing, including using file integrity checks or whitelisting trusted sources. 3. Employ sandboxing or containerization techniques to isolate the nvJPEG2000 processing environment, limiting the impact of potential exploitation. 4. Restrict user ability to open untrusted JPEG2000 files, especially in high-risk environments. 5. Use application-level controls to detect anomalous behavior during image processing, such as unexpected memory usage or crashes. 6. Conduct regular security assessments and fuzz testing on image processing components to identify similar vulnerabilities proactively. 7. Educate users about the risks of opening files from untrusted sources to reduce the likelihood of successful exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- nvidia
- Date Reserved
- 2023-12-02T00:42:55.933Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69a0a43885912abc71d61ad0
Added to database: 2/26/2026, 7:51:20 PM
Last enriched: 2/26/2026, 9:47:21 PM
Last updated: 2/26/2026, 10:50:50 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2024-42056: n/a
MediumCVE-2024-3331: Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition
MediumCVE-2024-32902: Denial of service in Google Android
HighCVE-2024-27218: Information disclosure in Google Android
MediumCVE-2026-3264: Execution After Redirect in go2ismail Free-CRM
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.