CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
References
Link Resource
https://code.google.com/p/chromium/issues/detail?id=258723
https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
http://bugs.ghostscript.com/show_bug.cgi?id=686980
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html Vendor Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
https://bugzilla.mozilla.org/show_bug.cgi?id=891693 Issue Tracking
http://www.debian.org/security/2013/dsa-2799
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
http://rhn.redhat.com/errata/RHSA-2013-1804.html
http://www.ubuntu.com/usn/USN-2053-1
http://www.ubuntu.com/usn/USN-2052-1
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://secunia.com/advisories/56175
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://www.ubuntu.com/usn/USN-2060-1
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://support.apple.com/kb/HT6150
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
http://advisories.mageia.org/MGASA-2013-0333.html
http://support.apple.com/kb/HT6163
http://support.apple.com/kb/HT6162
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
https://www.ibm.com/support/docview.wss?uid=swg21675973
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.securitytracker.com/id/1029476
http://www.securitytracker.com/id/1029470
https://security.gentoo.org/glsa/201606-03
http://marc.info/?l=bugtraq&m=140852974709252&w=2
http://marc.info/?l=bugtraq&m=140852886808946&w=2
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
http://www.securityfocus.com/bid/63676
https://access.redhat.com/errata/RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0413
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:artifex:gpl_ghostscript:-:*:*:*:*:*:*:*

Information

Published : 2013-11-18 20:50

Updated : 2018-01-04 18:29


NVD link : CVE-2013-6629

Mitre link : CVE-2013-6629


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

artifex

  • gpl_ghostscript

google

  • chrome

oracle

  • solaris