Lucene search
Ubuntu.comUB:CVE-2013-6629HistoryNov 18, 2013 - 12:00 a.m.
CVE-2013-6629
2013-11-1800:00:00
ubuntu.com
ubuntu.com
21
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.1%
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo
through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript,
and other products, does not check for certain duplications of component
data during the reading of segments that follow Start Of Scan (SOS) JPEG
markers, which allows remote attackers to obtain sensitive information from
uninitialized memory locations via a crafted JPEG image.
Bugs
- <http://bugs.ghostscript.com/show_bug.cgi?id=686980>
- <https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1252912>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867 (libjpeg8)>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873 (libjpeg-turbo)>
Notes
| Author | Note |
|---|---|
| seth-arnold | Michal suggests libjpeg6b will not be updated from upstream |
| mdeslaur | upstream bug and proposed patch is ancient. Chromium contains a patch. |
| jdstrand | openjdk uses system jpeg |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 12.04 | noarch | firefox | <Â 26.0+build2-0ubuntu0.12.04.2 | UNKNOWN |
| ubuntu | 12.10 | noarch | firefox | <Â 26.0+build2-0ubuntu0.12.10.2 | UNKNOWN |
| ubuntu | 13.04 | noarch | firefox | <Â 26.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
| ubuntu | 13.10 | noarch | firefox | <Â 26.0+build2-0ubuntu0.13.10.2 | UNKNOWN |
| ubuntu | 12.04 | noarch | libjpeg-turbo | <Â 1.1.90+svn733-0ubuntu4.3 | UNKNOWN |
| ubuntu | 12.10 | noarch | libjpeg-turbo | <Â 1.2.1-0ubuntu2.12.10.1 | UNKNOWN |
| ubuntu | 13.04 | noarch | libjpeg-turbo | <Â 1.2.1-0ubuntu2.13.04.1 | UNKNOWN |
| ubuntu | 13.10 | noarch | libjpeg-turbo | <Â 1.3.0-0ubuntu1.1 | UNKNOWN |
| ubuntu | 10.04 | noarch | libjpeg6b | <Â 6b-15ubuntu1.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | libjpeg6b | <Â 6b1-2ubuntu1.1 | UNKNOWN |
References
lists.grok.org.uk/pipermail/full-disclosure/2013-November/092015.html
launchpad.net/bugs/cve/CVE-2013-6629
nvd.nist.gov/vuln/detail/CVE-2013-6629
security-tracker.debian.org/tracker/CVE-2013-6629
ubuntu.com/security/notices/USN-2052-1
ubuntu.com/security/notices/USN-2053-1
ubuntu.com/security/notices/USN-2060-1
www.cve.org/CVERecord?id=CVE-2013-6629
Related
nessus
nessus
F5 Networks BIG-IP : libjpeg vulnerability (K59503294)
2016-05-24 00:00:00
KB4017094: Security Update for the libjpeg Information Disclosure Vulnerability for Microsoft Silverlight 5 (April 2017)
2017-04-11 00:00:00
Scientific Linux Security Update : libjpeg on SL5.x i386/x86_64 (20131210)
2013-12-11 00:00:00
mskb
mskb
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
openvas
openvas
Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4014794)
2017-04-12 00:00:00
Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4015383)
2017-04-12 00:00:00
CentOS Update for libjpeg CESA-2013:1804 centos5
2013-12-17 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 08:53:01
Sensitive Information Disclosure
2019-05-02 05:00:31
Privilege Escalation
2019-05-02 04:58:06
oraclelinux
oraclelinux
libjpeg security update
2013-12-09 00:00:00
libjpeg-turbo security update
2013-12-09 00:00:00
f5
f5
K59503294 : libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
SOL59503294 - libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
debiancve
debiancve
CVE-2013-6629
2013-11-19 04:50:00
kaspersky
kaspersky
KLA11061 Information disclosure vulnerability in Microsoft Windows
2017-04-11 00:00:00
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-11 00:00:00
redhat
redhat
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2013:1803) Moderate: libjpeg-turbo security update
2013-12-09 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
prion
prion
Design/Logic Flaw
2013-11-19 04:50:00
centos
centos
libjpeg security update
2013-12-10 00:47:48
libjpeg security update
2013-12-10 01:01:49
cve
cve
CVE-2013-6629
2013-11-19 04:50:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-libjpeg-turbo-1.3.1-1.fc20
2014-06-10 03:09:55
[SECURITY] Fedora 19 Update: libjpeg-turbo-1.2.90-3.fc19
2014-01-10 07:56:56
[SECURITY] Fedora 19 Update: mingw-libjpeg-turbo-1.3.1-1.fc19
2014-06-10 03:13:25
mozilla
mozilla
JPEG information leak â Mozilla
2013-12-10 00:00:00
mageia
mageia
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
Updated chromium-browser-stable packages fix multiple vulnerabilities
2013-11-13 23:09:45
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00
ubuntu
ubuntu
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
Thunderbird vulnerabilities
2013-12-11 00:00:00
Firefox vulnerabilities
2013-12-11 00:00:00
securityvulns
securityvulns
bugs in IJG jpeg6b & libjpeg-turbo
2013-12-09 00:00:00
libjpeg multiple security vulnerabilities
2013-12-09 00:00:00
[ MDVSA-2013:274 ] libjpeg
2013-11-26 00:00:00
gentoo
gentoo
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
ibm
ibm
freebsd
freebsd
chromium -- multiple vulnerabilities
2013-11-12 00:00:00
mozilla -- multiple vulnerabilities
2013-12-09 00:00:00
chrome
chrome
Stable Channel Update
2013-11-12 00:00:00
threatpost
threatpost
12 Flaws Fixed in Google Chrome
2013-11-12 13:17:53
suse
suse
chromium: update to 31.0.1650.57 (important)
2013-11-27 20:04:35
Mozilla updates 2013/12 (important)
2013-12-13 15:04:36
chromium: 31.0.1650.57 version update (important)
2013-11-27 20:04:13
debian
debian
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
[SECURITY] [DSA 2797-1] chromium-browser security update
2013-11-17 15:42:38
osv
osv
chromium-browser - several
2013-11-16 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.1%
Related for UB:CVE-2013-6629