CVE-2013-6629
Summary
| CVE | CVE-2013-6629 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-11-19 04:50:56 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | None |
| Availability | None |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Artifex | Gpl Ghostscript | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 13.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 13.10 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 18 | All | All | All |
| Operating System | Fedoraproject | Fedora | 19 | All | All | All |
| Operating System | Fedoraproject | Fedora | 20 | All | All | All |
| Application | Google | Chrome | All | All | All | All |
| Application | Libjpeg-turbo | Libjpeg-turbo | All | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Operating System | Opensuse | Opensuse | 12.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Oracle | Solaris | 11.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA56175 - Ubuntu update for libjpeg and libjpeg-turbo - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| USN-2052-1: Firefox vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| openSUSE-SU-2013:1918-1: moderate: update for MozillaFirefox | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| openSUSE-SU-2013:1917-1: moderate: update for MozillaFirefox | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Issue 258723 - chromium - Security: JPEG info leak - An open-source project to help move the web forward. - Google Project Hosting | af854a3a-2127-422b-91ae-364da2661108 | code.google.com | Issue Tracking, Third Party Advisory |
| '[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Issue Tracking, Mailing List, Third Party Advisory |
| Support / Security / Advisories / / MDVSA-2013:273 \| Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Broken Link |
| [SECURITY] Fedora 19 Update: thunderbird-24.2.0-2.fc19 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| openSUSE-SU-2013:1916-1: moderate: update for MozillaFirefox | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2013:1861-1: important: chromium: update | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2013:1776-1: important: chromium: 31.0.1 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| [chrome] Revision 229729 | af854a3a-2127-422b-91ae-364da2661108 | src.chromium.org | Patch, Third Party Advisory |
| openSUSE-SU-2013:1958-1: moderate: update for MozillaThunderbird | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Mozilla Seamonkey Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| openSUSE-SU-2013:1959-1: moderate: update for MozillaThunderbird | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 19 Update: firefox-26.0-2.fc19 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update - April 2014 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| MFSA 2013-116: JPEG information leak | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | Third Party Advisory |
| 891693 – (CVE-2013-6629) JPEG info leak | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Patch, Third Party Advisory |
| About the security content of iOS 7.1 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| Mageia Advisory: MGASA-2013-0333 - Updated libjpeg packages fix vulnerabilities in libjpeg-turbo | af854a3a-2127-422b-91ae-364da2661108 | advisories.mageia.org | Third Party Advisory |
| IBM Security Bulletin: Multiple vulnerabilities in IBM SDK for Java included with IBM Forms Viewer - United States | af854a3a-2127-422b-91ae-364da2661108 | www.ibm.com | Third Party Advisory |
| Chrome Releases: Stable Channel Update | af854a3a-2127-422b-91ae-364da2661108 | googlechromereleases.blogspot.com | Vendor Advisory |
| {{windowTitle}} | af854a3a-2127-422b-91ae-364da2661108 | portal.msrc.microsoft.com | Patch, Third Party Advisory |
| IBM Security Bulletin: InfoSphere Streams is possibly affected by vulnerabilities in the IBM® SDK, Java™ Technology Edition (CVE-2014-0453 and CVE-2014-0460) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Bug 686980 – stripes in pdf | af854a3a-2127-422b-91ae-364da2661108 | bugs.ghostscript.com | Issue Tracking, Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Broken Link |
| Security Advisory SA58974 - IBM Forms Viewer Multiple Java Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| openSUSE-SU-2014:0008-1: moderate: update for seamonkey | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| USN-2060-1: libjpeg, libjpeg-turbo vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 18 Update: thunderbird-24.2.0-2.fc18 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| IBM Security Bulletin: IBM Lotus Expeditor fixes for multiple vulnerabilities in IBM JRE - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Broken Link |
| Security Advisory SA59058 - IBM Lotus Expeditor Multiple Java Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Not Applicable |
| openSUSE-SU-2014:0065-1: moderate: update for chromium | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| USN-2053-1: Thunderbird vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| About the security content of Apple TV 6.1 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| [SECURITY] Fedora 20 Update: firefox-26.0-3.fc20 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView | af854a3a-2127-422b-91ae-364da2661108 | kb.juniper.net | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Debian -- Security Information -- DSA-2799-1 chromium-browser | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| openSUSE-SU-2013:1957-1: moderate: update for MozillaThunderbird | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2013:1777-1: important: chromium: update | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| libjpeg-turbo: Multiple vulnerabilities (GLSA 201606-03) — Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| '[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Issue Tracking, Mailing List, Third Party Advisory |
| Oracle Solaris Bulletin - April 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.