The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo up to and including 1.3.0, as used in Google Chrome prior to 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote malicious users to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
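As an added example (not code from libjpeg, libjpeg-turbo, or this advisory), the C function below walks a JPEG's marker segments and flags any SOS header that lists the same component selector more than once, so a file can be screened before it reaches an unpatched decoder. It assumes repeated selectors are the duplication the description refers to; the function name and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: SOI, one SOS header (Ns=3), entropy bytes, EOI. */
static const uint8_t SAMPLE_OK[]  = { 0xFF,0xD8, 0xFF,0xDA,0x00,0x0C, 0x03, 0x01,0x00, 0x02,0x11,
    0x03,0x11, 0x00,0x3F,0x00, 0x12,0x34,0xFF,0x00,0x56, 0xFF,0xD9 };
static const uint8_t SAMPLE_DUP[] = { 0xFF,0xD8, 0xFF,0xDA,0x00,0x0C, 0x03, 0x01,0x00, 0x01,0x11,
    0x02,0x11, 0x00,0x3F,0x00, 0x12,0x34,0xFF,0x00,0x56, 0xFF,0xD9 };

/* Hypothetical helper: returns 1 if any SOS header repeats a component selector,
 * 0 if none does, -1 if the marker structure is malformed or truncated. */
int jpeg_scan_has_duplicate_component(const uint8_t *buf, size_t len)
{
    size_t pos = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return -1;  /* no SOI */
    while (pos + 2 <= len) {
        if (buf[pos] != 0xFF) return -1;
        uint8_t m = buf[pos + 1];
        if (m == 0xFF) { pos++; continue; }                      /* fill byte */
        if (m == 0xD9) return 0;                                 /* EOI reached */
        if (m == 0x01 || (m >= 0xD0 && m <= 0xD7)) { pos += 2; continue; } /* no length */
        if (pos + 4 > len) return -1;
        size_t seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2 || seglen > len - pos - 2) return -1;
        if (m == 0xDA) {
            const uint8_t *p = buf + pos + 4;    /* Ns, then Ns pairs of (Cs, Td/Ta) */
            size_t ns = seglen >= 3 ? p[0] : 0;
            if (ns < 1 || ns > 4 || seglen != 6 + 2 * ns) return -1;
            for (size_t i = 1; i < ns; i++)
                for (size_t j = 0; j < i; j++)
                    if (p[1 + 2 * i] == p[1 + 2 * j]) return 1;  /* selector repeated */
            pos += 2 + seglen;
            /* Skip entropy-coded data: stop at 0xFF not followed by 0x00 or RSTn. */
            while (pos + 1 < len && !(buf[pos] == 0xFF && buf[pos + 1] != 0x00 &&
                                      (buf[pos + 1] < 0xD0 || buf[pos + 1] > 0xD7)))
                pos++;
            continue;
        }
        pos += 2 + seglen;
    }
    return -1;                                                   /* ran out before EOI */
}

int main(void)
{
    printf("ok=%d dup=%d\n", jpeg_scan_has_duplicate_component(SAMPLE_OK, sizeof SAMPLE_OK),
           jpeg_scan_has_duplicate_component(SAMPLE_DUP, sizeof SAMPLE_DUP));
    return 0;
}
```

A return of 1 is a reason to reject or quarantine the file; updating the affected libjpeg or libjpeg-turbo build remains the actual remedy.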
Vulnerable Product |
---|
google chrome |
oracle solaris 11.3 |
artifex gpl ghostscript |
libjpeg-turbo libjpeg-turbo |
fedoraproject fedora 18 |
fedoraproject fedora 20 |
fedoraproject fedora 19 |
opensuse opensuse 12.3 |
opensuse opensuse 12.2 |
opensuse opensuse 13.1 |
canonical ubuntu linux 13.04 |
canonical ubuntu linux 13.10 |
canonical ubuntu linux 12.10 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 12.04 |
debian debian linux 8.0 |
debian debian linux 7.0 |
mozilla firefox |
mozilla seamonkey |
mozilla thunderbird |
mozilla firefox esr |