AI Score: 6 Medium (Confidence: Low)

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE

EPSS: 0.003 Low (Percentile: 67.9%)

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

CPE

Name | Operator | Version
---|---|---
gpl_ghostscript | lt | 9.03
ubuntu_linux | eq | 13.04
ubuntu_linux | eq | 13.10
ubuntu_linux | eq | 12.10
ubuntu_linux | eq | 10.04
ubuntu_linux | eq | 12.04
debian_linux | eq | 8.0
debian_linux | eq | 7.0
fedora | eq | 18
fedora | eq | 20

advisories.mageia.org/MGASA-2013-0333.html
archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
bugs.ghostscript.com/show_bug.cgi?id=686980
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
rhn.redhat.com/errata/RHSA-2013-1803.html
rhn.redhat.com/errata/RHSA-2013-1804.html
secunia.com/advisories/56175
secunia.com/advisories/58974
secunia.com/advisories/59058
security.gentoo.org/glsa/glsa-201406-32.xml
support.apple.com/kb/HT6150
support.apple.com/kb/HT6162
support.apple.com/kb/HT6163
www-01.ibm.com/support/docview.wss?uid=swg21672080
www-01.ibm.com/support/docview.wss?uid=swg21676746
www.debian.org/security/2013/dsa-2799
www.mandriva.com/security/advisories?name=MDVSA-2013:273
www.mozilla.org/security/announce/2013/mfsa2013-116.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
www.securityfocus.com/bid/63676
www.securitytracker.com/id/1029470
www.securitytracker.com/id/1029476
www.ubuntu.com/usn/USN-2052-1
www.ubuntu.com/usn/USN-2053-1
www.ubuntu.com/usn/USN-2060-1
access.redhat.com/errata/RHSA-2014:0413
access.redhat.com/errata/RHSA-2014:0414
bugzilla.mozilla.org/show_bug.cgi?id=891693
code.google.com/p/chromium/issues/detail?id=258723
googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
marc.info/?l=bugtraq&m=140852886808946&w=2
marc.info/?l=bugtraq&m=140852974709252&w=2
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
security.gentoo.org/glsa/201606-03
src.chromium.org/viewvc/chrome?revision=229729&view=revision
www.ibm.com/support/docview.wss?uid=swg21675973