Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2013-6629

Published: 19/11/2013 Updated: 21/06/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Google

Vulnerability Summary

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo up to and including 1.3.0, as used in Google Chrome prior to 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote malicious users to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

oracle solaris 11.3

artifex gpl ghostscript

libjpeg-turbo libjpeg-turbo

fedoraproject fedora 18

fedoraproject fedora 20

fedoraproject fedora 19

opensuse opensuse 12.3

opensuse opensuse 12.2

opensuse opensuse 13.1

canonical ubuntu linux 13.04

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

debian debian linux 8.0

debian debian linux 7.0

mozilla firefox

mozilla seamonkey

mozilla thunderbird

mozilla firefox esr

Vendor Advisories

Debian CVElist Bug Report Logs: libjpeg8: CVE-2013-6629
Debian Bug report logs - #729867 libjpeg8: CVE-2013-6629 Package: libjpeg8; Maintainer for libjpeg8 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 18 Nov 2013 12:48:02 UTC Severity: important Tags: patch, security Fixed in version libjpeg8/8d-2 Done: Bill Allombert <ballombe@debianorg> ...
Red Hat: Moderate: libjpeg-turbo security update
Synopsis Moderate: libjpeg-turbo security update Type/Severity Security Advisory: Moderate Topic Updated libjpeg-turbo packages that fix two security issues are nowavailable for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vuln ...
Red Hat: Moderate: libjpeg security update
Synopsis Moderate: libjpeg security update Type/Severity Security Advisory: Moderate Topic An updated libjpeg package that fixes one security issue is now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerabilit ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Ubuntu Security Notice: libjpeg-turbo, libjpeg6b vulnerabilities
libjpeg and libjpeg-turbo could be made to expose sensitive information ...
Debian Security Advisories: DSA-2799-1 chromium-browser -- several vulnerabilities
Several vulnerabilities have been discovered in the chromium web browser CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling CVE-2013-6622 cloudfuzzer discovered a use-after-fre ...
Amazon Linux AMI: ALAS-2013-267
An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information (CVE-2013-6629, CVE ...
Mozilla: JPEG information leak
Mozilla Foundation Security Advisory 2013-116 JPEG information leak Announced December 10, 2013 Reporter Michal Zalewski Impact High Products Firefox, Firefox ESR, SeaMonkey, Thunderbird Fixed in ...

References

CWE-200https://code.google.com/p/chromium/issues/detail?id=258723https://src.chromium.org/viewvc/chrome?revision=229729&view=revisionhttp://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.htmlhttp://bugs.ghostscript.com/show_bug.cgi?id=686980http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.htmlhttp://www.mozilla.org/security/announce/2013/mfsa2013-116.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=891693http://www.debian.org/security/2013/dsa-2799http://rhn.redhat.com/errata/RHSA-2013-1803.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1804.htmlhttp://www.ubuntu.com/usn/USN-2053-1http://www.ubuntu.com/usn/USN-2052-1http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00119.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00121.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00120.htmlhttp://secunia.com/advisories/56175http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlhttp://www.ubuntu.com/usn/USN-2060-1http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00042.htmlhttp://support.apple.com/kb/HT6150http://www.mandriva.com/security/advisories?name=MDVSA-2013:273http://advisories.mageia.org/MGASA-2013-0333.htmlhttp://support.apple.com/kb/HT6163http://support.apple.com/kb/HT6162http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21672080http://www-01.ibm.com/support/docview.wss?uid=swg21676746http://secunia.com/advisories/58974http://secunia.com/advisories/59058https://www.ibm.com/support/docview.wss?uid=swg21675973http://security.gentoo.org/glsa/glsa-201406-32.xmlhttp://www.securitytracker.com/id/1029476http://www.securitytracker.com/id/1029470https://security.gentoo.org/glsa/201606-03http://marc.info/?l=bugtraq&m=140852974709252&w=2http://marc.info/?l=bugtraq&m=140852886808946&w=2http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629http://www.securityfocus.com/bid/63676https://access.redhat.com/errata/RHSA-2014:0414https://access.redhat.com/errata/RHSA-2014:0413https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729867https://nvd.nist.govhttps://usn.ubuntu.com/2052-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook