Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 760708 (CVE-2020-5991) - <dev-util/nvidia-cuda-toolkit-11.1.1: OOB read/write in vulnerable NVJPEG library (CVE-2020-5991)
Summary: <dev-util/nvidia-cuda-toolkit-11.1.1: OOB read/write in vulnerable NVJPEG lib...
Alias: CVE-2020-5991
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~1 [cleanup]
Keywords: PullRequest
Depends on:
Reported: 2020-12-19 08:56 UTC by John Helmert III
Modified: 2021-07-29 18:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2020-12-19 08:56:11 UTC
CVE-2020-5991 (

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.

Maintainers, please cleanup.
Comment 1 Larry the Git Cow gentoo-dev 2020-12-27 20:09:13 UTC
The bug has been referenced in the following commit(s):

commit ca72dce41454b63e96cec1fc1e4e34ea0b48a315
Author:     David Seifert <>
AuthorDate: 2020-12-27 20:08:56 +0000
Commit:     David Seifert <>
CommitDate: 2020-12-27 20:08:56 +0000

    dev-util/nvidia-cuda-toolkit: Version bump to 11.2.0
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: David Seifert <>

 dev-util/nvidia-cuda-toolkit/Manifest              |   1 +
 ...da-toolkit-11.2.0-nsight-systems-launcher.patch |  12 +
 .../nvidia-cuda-toolkit-11.2.0.ebuild              | 258 +++++++++++++++++++++
 3 files changed, 271 insertions(+)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:24:58 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:33:30 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:41:23 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:49:32 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:05:27 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:13:45 UTC
Package list is empty or all packages have requested keywords.