CVE-2013-6629
Summary
| CVE | CVE-2013-6629 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-11-19 04:50:00 UTC |
| Updated | 2023-06-21 18:19:00 UTC |
| Description | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Artifex | Gpl Ghostscript | All | All | All | All |
| Application | Artifex | Gpl Ghostscript | - | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 13.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 13.10 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 18 | All | All | All |
| Operating System | Fedoraproject | Fedora | 19 | All | All | All |
| Operating System | Fedoraproject | Fedora | 20 | All | All | All |
| Application | Google | Chrome | All | All | All | All |
| Application | Google | Chrome | 31.0.1650.0 | All | All | All |
| Application | Google | Chrome | 31.0.1650.10 | All | All | All |
| Application | Google | Chrome | 31.0.1650.11 | All | All | All |
| Application | Google | Chrome | 31.0.1650.12 | All | All | All |
| Application | Google | Chrome | 31.0.1650.13 | All | All | All |
| Application | Google | Chrome | 31.0.1650.14 | All | All | All |
| Application | Google | Chrome | 31.0.1650.15 | All | All | All |
| Application | Google | Chrome | 31.0.1650.16 | All | All | All |
| Application | Google | Chrome | 31.0.1650.17 | All | All | All |
| Application | Google | Chrome | 31.0.1650.18 | All | All | All |
| Application | Google | Chrome | 31.0.1650.19 | All | All | All |
| Application | Google | Chrome | 31.0.1650.2 | All | All | All |
| Application | Google | Chrome | 31.0.1650.20 | All | All | All |
| Application | Google | Chrome | 31.0.1650.22 | All | All | All |
| Application | Google | Chrome | 31.0.1650.23 | All | All | All |
| Application | Google | Chrome | 31.0.1650.25 | All | All | All |
| Application | Google | Chrome | 31.0.1650.26 | All | All | All |
| Application | Google | Chrome | 31.0.1650.27 | All | All | All |
| Application | Google | Chrome | 31.0.1650.28 | All | All | All |
| Application | Google | Chrome | 31.0.1650.29 | All | All | All |
| Application | Google | Chrome | 31.0.1650.3 | All | All | All |
| Application | Google | Chrome | 31.0.1650.30 | All | All | All |
| Application | Google | Chrome | 31.0.1650.31 | All | All | All |
| Application | Google | Chrome | 31.0.1650.32 | All | All | All |
| Application | Google | Chrome | 31.0.1650.33 | All | All | All |
| Application | Google | Chrome | 31.0.1650.34 | All | All | All |
| Application | Google | Chrome | 31.0.1650.35 | All | All | All |
| Application | Google | Chrome | 31.0.1650.36 | All | All | All |
| Application | Google | Chrome | 31.0.1650.37 | All | All | All |
| Application | Google | Chrome | 31.0.1650.38 | All | All | All |
| Application | Google | Chrome | 31.0.1650.39 | All | All | All |
| Application | Google | Chrome | 31.0.1650.4 | All | All | All |
| Application | Google | Chrome | 31.0.1650.41 | All | All | All |
| Application | Google | Chrome | 31.0.1650.42 | All | All | All |
| Application | Google | Chrome | 31.0.1650.43 | All | All | All |
| Application | Google | Chrome | 31.0.1650.44 | All | All | All |
| Application | Google | Chrome | 31.0.1650.45 | All | All | All |
| Application | Google | Chrome | 31.0.1650.46 | All | All | All |
| Application | Google | Chrome | 31.0.1650.5 | All | All | All |
| Application | Google | Chrome | 31.0.1650.6 | All | All | All |
| Application | Google | Chrome | 31.0.1650.7 | All | All | All |
| Application | Google | Chrome | 31.0.1650.8 | All | All | All |
| Application | Google | Chrome | 31.0.1650.9 | All | All | All |
| Application | Libjpeg-turbo | Libjpeg-turbo | All | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
| Operating System | Opensuse | Opensuse | 12.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Oracle | Solaris | 11.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Solaris Bulletin - April 2016 | CONFIRM | www.oracle.com | |
| About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001 - Apple Support | CONFIRM | support.apple.com | |
| openSUSE-SU-2014:0008-1: moderate: update for seamonkey | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| '[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, ' - MARC | HP | marc.info | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| MFSA 2013-116: JPEG information leak | CONFIRM | www.mozilla.org | |
| openSUSE-SU-2013:1958-1: moderate: update for MozillaThunderbird | SUSE | lists.opensuse.org | |
| Mageia Advisory: MGASA-2013-0333 - Updated libjpeg packages fix vulnerabilities in libjpeg-turbo | CONFIRM | advisories.mageia.org | |
| USN-2052-1: Firefox vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| [SECURITY] Fedora 20 Update: firefox-26.0-3.fc20 | FEDORA | lists.fedoraproject.org | |
| libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability | BID | www.securityfocus.com | |
| Bug 686980 – stripes in pdf | CONFIRM | bugs.ghostscript.com | |
| IBM Security Bulletin: Multiple vulnerabilities in IBM SDK for Java included with IBM Forms Viewer - United States | CONFIRM | www.ibm.com | |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| [SECURITY] Fedora 18 Update: thunderbird-24.2.0-2.fc18 | FEDORA | lists.fedoraproject.org | |
| About the security content of iOS 7.1 - Apple Support | CONFIRM | support.apple.com | |
| IBM Security Bulletin: InfoSphere Streams is possibly affected by vulnerabilities in the IBM® SDK, Java™ Technology Edition (CVE-2014-0453 and CVE-2014-0460) - United States | CONFIRM | www-01.ibm.com | |
| Security Advisory SA56175 - Ubuntu update for libjpeg and libjpeg-turbo - Secunia | SECUNIA | secunia.com | |
| Mozilla Seamonkey Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| openSUSE-SU-2014:0065-1: moderate: update for chromium | SUSE | lists.opensuse.org | |
| openSUSE-SU-2013:1918-1: moderate: update for MozillaFirefox | SUSE | lists.opensuse.org | |
| Issue 258723 - chromium - Security: JPEG info leak - An open-source project to help move the web forward. - Google Project Hosting | CONFIRM | code.google.com | |
| USN-2053-1: Thunderbird vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Oracle Critical Patch Update - April 2014 | CONFIRM | www.oracle.com | |
| Security Advisory SA59058 - IBM Lotus Expeditor Multiple Java Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| [SECURITY] Fedora 19 Update: firefox-26.0-2.fc19 | FEDORA | lists.fedoraproject.org | |
| [security-announce] openSUSE-SU-2013:1861-1: important: chromium: update | SUSE | lists.opensuse.org | |
| openSUSE-SU-2013:1917-1: moderate: update for MozillaFirefox | SUSE | lists.opensuse.org | |
| {{windowTitle}} | CONFIRM | portal.msrc.microsoft.com | |
| About the security content of Apple TV 6.1 - Apple Support | CONFIRM | support.apple.com | |
| USN-2060-1: libjpeg, libjpeg-turbo vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] openSUSE-SU-2013:1776-1: important: chromium: 31.0.1 | SUSE | lists.opensuse.org | |
| Support / Security / Advisories / / MDVSA-2013:273 \| Mandriva | MANDRIVA | www.mandriva.com | |
| Security Advisory SA58974 - IBM Forms Viewer Multiple Java Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| '[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, ' - MARC | HP | marc.info | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | FULLDISC | archives.neohapsis.com | |
| Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| [chrome] Revision 229729 | CONFIRM | src.chromium.org | |
| [security-announce] openSUSE-SU-2013:1777-1: important: chromium: update | SUSE | lists.opensuse.org | |
| openSUSE-SU-2013:1916-1: moderate: update for MozillaFirefox | SUSE | lists.opensuse.org | |
| libjpeg-turbo: Multiple vulnerabilities (GLSA 201606-03) — Gentoo Security | GENTOO | security.gentoo.org | |
| Debian -- Security Information -- DSA-2799-1 chromium-browser | DEBIAN | www.debian.org | |
| openSUSE-SU-2013:1957-1: moderate: update for MozillaThunderbird | SUSE | lists.opensuse.org | |
| Chrome Releases: Stable Channel Update | CONFIRM | googlechromereleases.blogspot.com | Vendor Advisory |
| 891693 – (CVE-2013-6629) JPEG info leak | CONFIRM | bugzilla.mozilla.org | Issue Tracking |
| Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView | CONFIRM | kb.juniper.net | |
| [SECURITY] Fedora 19 Update: thunderbird-24.2.0-2.fc19 | FEDORA | lists.fedoraproject.org | |
| IBM Security Bulletin: IBM Lotus Expeditor fixes for multiple vulnerabilities in IBM JRE - United States | CONFIRM | www-01.ibm.com | |
| openSUSE-SU-2013:1959-1: moderate: update for MozillaThunderbird | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.