CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
EPSS: 0.006 Low
Percentile: 78.0%
Issue Overview:
An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers. A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information. (CVE-2013-6629, CVE-2013-6630)
Affected Packages:
libjpeg-turbo
Issue Correction:
Run yum update libjpeg-turbo to update your system.
New Packages:
i686:
libjpeg-turbo-static-1.2.1-3.4.amzn1.i686
libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.i686
libjpeg-turbo-utils-1.2.1-3.4.amzn1.i686
turbojpeg-1.2.1-3.4.amzn1.i686
turbojpeg-devel-1.2.1-3.4.amzn1.i686
libjpeg-turbo-devel-1.2.1-3.4.amzn1.i686
libjpeg-turbo-1.2.1-3.4.amzn1.i686
src:
libjpeg-turbo-1.2.1-3.4.amzn1.src
x86_64:
libjpeg-turbo-static-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-debuginfo-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-devel-1.2.1-3.4.amzn1.x86_64
turbojpeg-devel-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-utils-1.2.1-3.4.amzn1.x86_64
turbojpeg-1.2.1-3.4.amzn1.x86_64
libjpeg-turbo-1.2.1-3.4.amzn1.x86_64
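A post-update check for the fix above, as an added example that is not part of the advisory: it flags any package from the New Packages list that is still below the fixed release 1.2.1-3.4.amzn1. The sample inventory is constructed, and using `sort -V` in place of rpm's own version comparison is an assumption.

```shell
#!/bin/sh
# Fixed version-release, from the advisory's "New Packages" list.
FIXED_VR="1.2.1-3.4.amzn1"
# Binary package names from that list (arch suffix dropped).
PKGS="libjpeg-turbo libjpeg-turbo-devel libjpeg-turbo-static libjpeg-turbo-utils libjpeg-turbo-debuginfo turbojpeg turbojpeg-devel"

# vr_at_least A B: succeeds when version-release A >= B.
# Assumption: `sort -V` ordering approximates rpm's comparison, which
# holds for dotted numeric strings like these; epochs are not handled.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_inventory: reads "name version-release" lines on stdin, prints
# "OK|OUTDATED name version-release" for each package the advisory lists,
# and returns 1 if any of them is below the fixed release.
check_inventory() {
    rc=0
    while read -r name vr; do
        case " $PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if vr_at_least "$vr" "$FIXED_VR"; then
            echo "OK $name $vr"
        else
            echo "OUTDATED $name $vr"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not real host data), in the format of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
sample_inventory() {
    cat <<'EOF'
libjpeg-turbo 1.2.1-3.1.amzn1
turbojpeg 1.2.1-3.4.amzn1
zlib 1.2.8-7.18.amzn1
libjpeg-turbo-utils 1.2.90-1.amzn1
EOF
}

sample_inventory | check_inventory || echo "run: yum update libjpeg-turbo"
```

On a real host, pipe the `rpm -qa` query shown in the comment into `check_inventory` instead of the sample data.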
Red Hat: CVE-2013-6629, CVE-2013-6630
Mitre: CVE-2013-6629, CVE-2013-6630