Lucene search

MitreCVE-2013-6629

HistoryNov 19, 2013 - 4:50 a.m.

CVE-2013-6629

2013-11-1904:50:56

CWE-200

mitre

web.nvd.nist.gov

7712

cve-2013-6629

libjpeg

libjpeg-turbo

jpeg markers

information security

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.003

Percentile

68.6%

JSON

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Affected configurations

Nvd

Node

googlechromeRange<31.0.1650.48

Node

oraclesolarisMatch11.3

Node

artifexgpl_ghostscriptRange<9.03

Node

libjpeg-turbolibjpeg-turboRange<1.3.1

Node

fedoraprojectfedoraMatch18

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

canonicalubuntu_linuxMatch13.10

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

mozillafirefoxRange<26.0

mozillafirefox_esrRange<24.2

mozillaseamonkeyRange<2.23

mozillathunderbirdRange<24.2.0

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
oraclesolaris11.3cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
artifexgpl_ghostscript*cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*
libjpeg-turbolibjpeg-turbo*cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*
fedoraprojectfedora18cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
fedoraprojectfedora19cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
fedoraprojectfedora20cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
opensuseopensuse12.3cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
oracle	solaris	11.3	cpe:2.3:o:oracle:solaris:11.3:::::::*
artifex	gpl_ghostscript	*	cpe:2.3:a:artifex:gpl_ghostscript::::::::
libjpeg-turbo	libjpeg-turbo	*	cpe:2.3:a:libjpeg-turbo:libjpeg-turbo::::::::
fedoraproject	fedora	18	cpe:2.3:o:fedoraproject:fedora:18:::::::*
fedoraproject	fedora	19	cpe:2.3:o:fedoraproject:fedora:19:::::::*
fedoraproject	fedora	20	cpe:2.3:o:fedoraproject:fedora:20:::::::*
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
opensuse	opensuse	12.3	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Rows per page:

1-10 of 211

References

advisories.mageia.org/MGASA-2013-0333.html

archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html

bugs.ghostscript.com/show_bug.cgi?id=686980

googlechromereleases.blogspot.com/2013/11/stable-channel-update.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html

lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html

lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

lists.opensuse.org/opensuse-updates/2014-01/msg00042.html

marc.info/?l=bugtraq&m=140852886808946&w=2

marc.info/?l=bugtraq&m=140852974709252&w=2

rhn.redhat.com/errata/RHSA-2013-1803.html

rhn.redhat.com/errata/RHSA-2013-1804.html

secunia.com/advisories/56175

secunia.com/advisories/58974

secunia.com/advisories/59058

security.gentoo.org/glsa/glsa-201406-32.xml

support.apple.com/kb/HT6150

support.apple.com/kb/HT6162

support.apple.com/kb/HT6163

www-01.ibm.com/support/docview.wss?uid=swg21672080

www-01.ibm.com/support/docview.wss?uid=swg21676746

www.debian.org/security/2013/dsa-2799

www.mandriva.com/security/advisories?name=MDVSA-2013:273

www.mozilla.org/security/announce/2013/mfsa2013-116.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

www.securityfocus.com/bid/63676

www.securitytracker.com/id/1029470

www.securitytracker.com/id/1029476

www.ubuntu.com/usn/USN-2052-1

www.ubuntu.com/usn/USN-2053-1

www.ubuntu.com/usn/USN-2060-1

access.redhat.com/errata/RHSA-2014:0413

access.redhat.com/errata/RHSA-2014:0414

bugzilla.mozilla.org/show_bug.cgi?id=891693

code.google.com/p/chromium/issues/detail?id=258723

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629

security.gentoo.org/glsa/201606-03

src.chromium.org/viewvc/chrome?revision=229729&view=revision

www.ibm.com/support/docview.wss?uid=swg21675973

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.003

Percentile

68.6%

JSON

CVE-2013-6629

Affected configurations

References

Related