Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft.

CPENameOperatorVersion
firefoxlt26
firefox esrlt24.2
seamonkeylt2.23
thunderbirdlt24.2

Name	Operator	Version
firefox	lt	26
firefox esr	lt	24.2
seamonkey	lt	2.23
thunderbird	lt	24.2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630

bugzilla.mozilla.org/show_bug.cgi?id=891693

fedora 6

nessus 63

openvas 47

redhat 4

amazon 1

ubuntu 3

centos 2

securityvulns 6

veracode 18

gentoo 1

mageia 2

oraclelinux 2

f5 4

debiancve 2

prion 2

ubuntucve 2

cve 2

kaspersky 3

mskb 8

mscve 1

symantec 1

slackware 1

ibm 7

threatpost 1

freebsd 2

chrome 1

debian 2

osv 1

suse 4

fedora

[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19

2014-01-10 07:56:56

[SECURITY] Fedora 19 Update: mingw-libjpeg-turbo-1.3.1-1.fc19

2014-06-10 03:13:25

[SECURITY] Fedora 20 Update: libjpeg-turbo-1.3.0-2.fc20

2013-12-24 03:42:20

nessus

Mandriva Linux Security Advisory : libjpeg (MDVSA-2013:273)

2013-11-22 00:00:00

Fedora 19 : mingw-libjpeg-turbo-1.3.1-1.fc19 (2014-6859)

2014-06-10 00:00:00

GLSA-201606-03 : libjpeg-turbo: Multiple vulnerabilities

2016-06-06 00:00:00

openvas

CentOS Update for libjpeg-turbo CESA-2013:1803 centos6

2013-12-17 00:00:00

Ubuntu: Security Advisory (USN-2060-1)

2013-12-23 00:00:00

Mageia: Security Advisory (MGASA-2013-0333)

2022-01-28 00:00:00

redhat

(RHSA-2013:1803) Moderate: libjpeg-turbo security update

2013-12-09 00:00:00

(RHSA-2013:1804) Moderate: libjpeg security update

2013-12-09 00:00:00

(RHSA-2014:0041) Important: rhev-hypervisor6 security update

2014-01-21 00:00:00

amazon

Medium: libjpeg-turbo

2013-12-17 21:32:00

ubuntu

libjpeg, libjpeg-turbo vulnerabilities

2013-12-19 00:00:00

Thunderbird vulnerabilities

2013-12-11 00:00:00

Firefox vulnerabilities

2013-12-11 00:00:00

centos

libjpeg security update

2013-12-10 01:01:49

libjpeg security update

2013-12-10 00:47:48

securityvulns

bugs in IJG jpeg6b & libjpeg-turbo

2013-12-09 00:00:00

[ MDVSA-2013:274 ] libjpeg

2013-11-26 00:00:00

libjpeg multiple security vulnerabilities

2013-12-09 00:00:00

veracode

Sensitive Information Disclosure

2019-05-02 05:00:31

Information Disclosure

2019-01-15 08:53:01

Information Disclosure

2019-05-02 04:58:07

gentoo

libjpeg-turbo: Multiple vulnerabilities

2016-06-05 00:00:00

mageia

Updated libjpeg packages fix vulnerabilities in libjpeg-turbo

2013-11-21 00:31:46

Updated chromium-browser-stable packages fix multiple vulnerabilities

2013-11-13 23:09:45

oraclelinux

libjpeg-turbo security update

2013-12-09 00:00:00

libjpeg security update

2013-12-09 00:00:00

K62655427 : libjpeg-turbo vulnerability CVE-2013-6630

2016-02-19 00:00:00

SOL62655427 - libjpeg-turbo vulnerability CVE-2013-6630

2016-02-18 00:00:00

K59503294 : libjpeg vulnerability CVE-2013-6629

2016-02-19 00:00:00

debiancve

CVE-2013-6630

2013-11-19 04:50:00

CVE-2013-6629

2013-11-19 04:50:00

prion

Memory corruption

2013-11-19 04:50:00

Design/Logic Flaw

2013-11-19 04:50:00

ubuntucve

CVE-2013-6630

2013-11-18 00:00:00

CVE-2013-6629

2013-11-18 00:00:00

cve

CVE-2013-6630

2013-11-19 04:50:00

CVE-2013-6629

2013-11-19 04:50:00

kaspersky

KLA11061 Information disclosure vulnerability in Microsoft Windows

2017-04-11 00:00:00

KLA11059 Multiple vulnerabilities in Microsoft Windows

2017-04-11 00:00:00

KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)

2017-04-11 00:00:00

mskb

Security update for the libjpeg information disclosure vulnerability for Microsoft Silverlight 5: April 11, 2017

2017-04-11 07:00:00

Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

2017-04-11 07:00:00

Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

2017-04-11 07:00:00

mscve

libjpeg Information Disclosure Vulnerability

2017-04-11 07:00:00

symantec

libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability

2013-11-12 00:00:00

slackware

[slackware-security] libjpeg

2013-12-17 03:49:12

ibm

Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.

2022-11-17 15:02:38

Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)

2021-04-28 18:35:50

Security Bulletin: Multiple vulnerabilities in IBM SDK for Java included with IBM Forms Viewer

2018-06-16 19:52:50

threatpost

12 Flaws Fixed in Google Chrome

2013-11-12 13:17:53

freebsd

chromium -- multiple vulnerabilities

2013-11-12 00:00:00

mozilla -- multiple vulnerabilities

2013-12-09 00:00:00

chrome

Stable Channel Update

2013-11-12 00:00:00

debian

[SECURITY] [DSA 2797-1] chromium-browser security update

2013-11-17 15:42:38

[SECURITY] [DSA 2797-1] chromium-browser security update

2013-11-17 15:42:38

osv

chromium-browser - several

2013-11-16 00:00:00

suse

chromium: update to 31.0.1650.57 (important)

2013-11-27 20:04:35

Mozilla updates 2013/12 (important)

2013-12-13 15:04:36

chromium: 31.0.1650.57 version update (important)

2013-11-27 20:04:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for MFSA2013-116