Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft.

Affected configurations

Vulners

Node

mozillafirefoxRange<26

mozillafirefox_esrRange<24.2

mozillaseamonkeyRange<2.23

mozillathunderbirdRange<24.2

CPENameOperatorVersion
firefoxlt26
firefox esrlt24.2
seamonkeylt2.23
thunderbirdlt24.2

Name	Operator	Version
firefox	lt	26
firefox esr	lt	24.2
seamonkey	lt	2.23
thunderbird	lt	24.2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630

bugzilla.mozilla.org/show_bug.cgi?id=891693

nessus 63

fedora 6

openvas 47

securityvulns 6

veracode 14

gentoo 1

oraclelinux 2

mageia 2

centos 2

amazon 1

redhat 4

ubuntu 3

cvelist 2

nvd 2

f5 4

debiancve 2

cve 2

prion 2

ubuntucve 2

mskb 8

mscve 1

kaspersky 3

slackware 1

symantec 1

ibm 7

threatpost 1

freebsd 2

chrome 1

debian 2

suse 4

osv 1

nessus

Mandriva Linux Security Advisory : libjpeg (MDVSA-2013:273)

2013-11-22 00:00:00

Fedora 20 : mingw-libjpeg-turbo-1.3.1-1.fc20 (2014-6870)

2014-06-10 00:00:00

RHEL 6 : libjpeg-turbo (RHSA-2013:1803)

2013-12-10 00:00:00

fedora

[SECURITY] Fedora 20 Update: libjpeg-turbo-1.3.0-2.fc20

2013-12-24 03:42:20

[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19

2014-01-10 07:56:56

[SECURITY] Fedora 19 Update: mingw-libjpeg-turbo-1.3.1-1.fc19

2014-06-10 03:13:25

openvas

Ubuntu: Security Advisory (USN-2060-1)

2013-12-23 00:00:00

CentOS Update for libjpeg-turbo CESA-2013:1803 centos6

2013-12-17 00:00:00

Fedora Update for mingw-libjpeg-turbo FEDORA-2014-6859

2014-06-17 00:00:00

securityvulns

bugs in IJG jpeg6b & libjpeg-turbo

2013-12-09 00:00:00

libjpeg multiple security vulnerabilities

2013-12-09 00:00:00

[ MDVSA-2013:274 ] libjpeg

2013-11-26 00:00:00

veracode

Sensitive Information Disclosure

2019-05-02 05:00:31

Information Disclosure

2019-01-15 08:53:01

Arbitrary Code Execution

2019-05-02 04:58:06

gentoo

libjpeg-turbo: Multiple vulnerabilities

2016-06-05 00:00:00

oraclelinux

libjpeg-turbo security update

2013-12-09 00:00:00

libjpeg security update

2013-12-09 00:00:00

mageia

Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

2013-11-21 00:31:46

Updated chromium-browser-stable packages fix multiple vulnerabilities

2013-11-13 23:09:45

centos

libjpeg security update

2013-12-10 01:01:49

libjpeg security update

2013-12-10 00:47:48

amazon

Medium: libjpeg-turbo

2013-12-17 21:32:00

redhat

(RHSA-2013:1803) Moderate: libjpeg-turbo security update

2013-12-09 00:00:00

(RHSA-2013:1804) Moderate: libjpeg security update

2013-12-09 00:00:00

(RHSA-2014:0041) Important: rhev-hypervisor6 security update

2014-01-21 00:00:00

ubuntu

libjpeg, libjpeg-turbo vulnerabilities

2013-12-19 00:00:00

Thunderbird vulnerabilities

2013-12-11 00:00:00

Firefox vulnerabilities

2013-12-11 00:00:00

cvelist

CVE-2013-6630

2013-11-15 20:00:00

CVE-2013-6629

2013-11-15 20:00:00

nvd

CVE-2013-6630

2013-11-19 04:50:56

CVE-2013-6629

2013-11-19 04:50:56

K62655427 : libjpeg-turbo vulnerability CVE-2013-6630

2016-02-19 00:00:00

SOL62655427 - libjpeg-turbo vulnerability CVE-2013-6630

2016-02-18 00:00:00

SOL59503294 - libjpeg vulnerability CVE-2013-6629

2016-02-19 00:00:00

debiancve

CVE-2013-6630

2013-11-19 04:50:56

CVE-2013-6629

2013-11-19 04:50:56

cve

CVE-2013-6630

2013-11-19 04:50:56

CVE-2013-6629

2013-11-19 04:50:56

prion

Memory corruption

2013-11-19 04:50:00

Design/Logic Flaw

2013-11-19 04:50:00

ubuntucve

CVE-2013-6630

2013-11-18 00:00:00

CVE-2013-6629

2013-11-18 00:00:00

mskb

Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

2017-04-11 07:00:00

Security update for the libjpeg information disclosure vulnerability for Microsoft Silverlight 5: April 11, 2017

2017-04-11 07:00:00

Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

2017-04-11 07:00:00

mscve

libjpeg Information Disclosure Vulnerability

2017-04-11 07:00:00

kaspersky

KLA11061 Information disclosure vulnerability in Microsoft Windows

2017-04-11 00:00:00

KLA11059 Multiple vulnerabilities in Microsoft Windows

2017-04-11 00:00:00

KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)

2017-04-11 00:00:00

slackware

[slackware-security] libjpeg

2013-12-17 03:49:12

symantec

libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability

2013-11-12 00:00:00

ibm

Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.

2022-11-17 15:02:38

Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)

2021-04-28 18:35:50

Security Bulletin: Vulnerabilities in Rational Functional Tester due to IBM SDK, Java Technology Edition Version 1.6 and IBM SDK, Java Technology Edition Version 1.7

2018-09-29 20:06:32

threatpost

12 Flaws Fixed in Google Chrome

2013-11-12 13:17:53

freebsd

chromium -- multiple vulnerabilities

2013-11-12 00:00:00

mozilla -- multiple vulnerabilities

2013-12-09 00:00:00

chrome

Stable Channel Update

2013-11-12 00:00:00

debian

[SECURITY] [DSA 2797-1] chromium-browser security update

2013-11-17 15:42:38

[SECURITY] [DSA 2797-1] chromium-browser security update

2013-11-17 15:42:38

suse

chromium: update to 31.0.1650.57 (important)

2013-11-27 20:04:35

Mozilla updates 2013/12 (important)

2013-12-13 15:04:36

chromium: 31.0.1650.57 version update (important)

2013-11-27 20:04:13

osv

chromium-browser - several

2013-11-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for MFSA2013-116