Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2013-6630

Published: 19/11/2013 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Chrome

Vulnerability Summary

The get_dht function in jdmarker.c in libjpeg-turbo up to and including 1.3.0, as used in Google Chrome prior to 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote malicious users to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome 31.0.1650.22

google chrome 31.0.1650.45

google chrome 31.0.1650.11

google chrome 31.0.1650.33

google chrome 31.0.1650.32

google chrome 31.0.1650.31

google chrome 31.0.1650.28

google chrome 31.0.1650.26

google chrome 31.0.1650.4

google chrome 31.0.1650.2

google chrome 31.0.1650.16

google chrome 31.0.1650.39

google chrome 31.0.1650.41

google chrome 31.0.1650.38

google chrome 31.0.1650.5

google chrome

google chrome 31.0.1650.36

google chrome 31.0.1650.43

google chrome 31.0.1650.34

google chrome 31.0.1650.13

google chrome 31.0.1650.44

google chrome 31.0.1650.23

google chrome 31.0.1650.17

google chrome 31.0.1650.19

google chrome 31.0.1650.20

google chrome 31.0.1650.14

google chrome 31.0.1650.10

google chrome 31.0.1650.46

google chrome 31.0.1650.7

google chrome 31.0.1650.37

google chrome 31.0.1650.29

google chrome 31.0.1650.8

google chrome 31.0.1650.25

google chrome 31.0.1650.9

google chrome 31.0.1650.3

google chrome 31.0.1650.12

google chrome 31.0.1650.15

google chrome 31.0.1650.30

google chrome 31.0.1650.35

google chrome 31.0.1650.27

google chrome 31.0.1650.42

google chrome 31.0.1650.6

google chrome 31.0.1650.0

google chrome 31.0.1650.18

Vendor Advisories

Red Hat: Moderate: libjpeg-turbo security update
Synopsis Moderate: libjpeg-turbo security update Type/Severity Security Advisory: Moderate Topic Updated libjpeg-turbo packages that fix two security issues are nowavailable for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vuln ...
Debian CVElist Bug Report Logs: libjpeg8: CVE-2013-6629
Debian Bug report logs - #729867 libjpeg8: CVE-2013-6629 Package: libjpeg8; Maintainer for libjpeg8 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 18 Nov 2013 12:48:02 UTC Severity: important Tags: patch, security Fixed in version libjpeg8/8d-2 Done: Bill Allombert <ballombe@debianorg> ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Ubuntu Security Notice: libjpeg-turbo, libjpeg6b vulnerabilities
libjpeg and libjpeg-turbo could be made to expose sensitive information ...
Debian Security Advisories: DSA-2799-1 chromium-browser -- several vulnerabilities
Several vulnerabilities have been discovered in the chromium web browser CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling CVE-2013-6622 cloudfuzzer discovered a use-after-fre ...
Amazon Linux AMI: ALAS-2013-267
An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan (SOS) JPEG markers or Define Huffman Table (DHT) JPEG markers A remote attacker could create a specially crafted JPEG image that, when decoded, could possibly lead to a disclosure of potentially sensitive information (CVE-2013-6629, CVE ...
Mozilla: JPEG information leak
Mozilla Foundation Security Advisory 2013-116 JPEG information leak Announced December 10, 2013 Reporter Michal Zalewski Impact High Products Firefox, Firefox ESR, SeaMonkey, Thunderbird Fixed in ...

References

CWE-189https://code.google.com/p/chromium/issues/detail?id=299835http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.htmlhttp://googlechromereleases.blogspot.com/2013/11/stable-channel-update.htmlhttp://www.mozilla.org/security/announce/2013/mfsa2013-116.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=891693http://www.debian.org/security/2013/dsa-2799http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1803.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.htmlhttp://www.ubuntu.com/usn/USN-2053-1http://www.ubuntu.com/usn/USN-2052-1http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00119.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00121.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00120.htmlhttp://secunia.com/advisories/56175http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlhttp://www.ubuntu.com/usn/USN-2060-1http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00042.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:273http://advisories.mageia.org/MGASA-2013-0333.htmlhttp://www.securitytracker.com/id/1029476http://www.securitytracker.com/id/1029470https://security.gentoo.org/glsa/201606-03http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git%3Ba=commit%3Bh=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8https://access.redhat.com/errata/RHSA-2013:1803https://nvd.nist.govhttps://usn.ubuntu.com/2052-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook