CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
68.6%
CentOS Errata and Security Advisory CESA-2013:1804
The libjpeg package contains a library of functions for manipulating JPEG
images. It also contains simple client programs for accessing the
libjpeg functions.
An uninitialized memory read issue was found in the way libjpeg decoded
images with missing Start Of Scan (SOS) JPEG markers. A remote attacker
could create a specially crafted JPEG image that, when decoded, could
possibly lead to a disclosure of potentially sensitive information.
(CVE-2013-6629)
All libjpeg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-December/082215.html
Affected packages:
libjpeg
libjpeg-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1804
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | libjpeg | <Â 6b-38 | libjpeg-6b-38.i386.rpm |
CentOS | 5 | i386 | libjpeg-devel | <Â 6b-38 | libjpeg-devel-6b-38.i386.rpm |
CentOS | 5 | i386 | libjpeg | <Â 6b-38 | libjpeg-6b-38.i386.rpm |
CentOS | 5 | x86_64 | libjpeg | <Â 6b-38 | libjpeg-6b-38.x86_64.rpm |
CentOS | 5 | i386 | libjpeg-devel | <Â 6b-38 | libjpeg-devel-6b-38.i386.rpm |
CentOS | 5 | x86_64 | libjpeg-devel | <Â 6b-38 | libjpeg-devel-6b-38.x86_64.rpm |